83659890ad0cd5d11eab6f1e49f0c3ab9263fddfbd0f212f62dd6e2ac60cc606

Sharing

Copy URL Twitter E-mail

General

Target

83659890ad0cd5d11eab6f1e49f0c3ab9263fddfbd0f212f62dd6e2ac60cc606
Size

7.0MB
MD5

db2df7e2184f67e4dd96db337aa5e236
SHA1

5bbb80f53403b3a2c615401bb0deb308a08827e6
SHA256

83659890ad0cd5d11eab6f1e49f0c3ab9263fddfbd0f212f62dd6e2ac60cc606
SHA512

fae0436477dee04be21477d86b92da90ed31baf01cd3b8cfbcc87fda2fa325b276538d7be8b30c25b673d69b3aff82bc3a82b02b18f103487ea10fb28aacc7fe
SSDEEP

196608:WYHUzpCZdZGOrB50xm9P7yMCdkIOFB2BrPfkMardmMS:6zpqdAODgm9P7yM61ObeDja8

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Loading.exe
unpack001/ShellQMaker.exe

Files

83659890ad0cd5d11eab6f1e49f0c3ab9263fddfbd0f212f62dd6e2ac60cc606
.zip
Loading.exe
.exe windows:6 windows x86

5f43c644cf75a519939c4ef78cc40bda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationW
GetDriveTypeW
GetConsoleWindow
ExitProcess
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CompareStringEx
GetCommandLineW
GetSystemTime
GetLocalTime
OutputDebugStringW
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
WaitForSingleObjectEx
GetSystemDirectoryW
LoadLibraryW
DuplicateHandle
WaitForMultipleObjects
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
ResetEvent
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetFileAttributesExW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
CompareStringW
CreateEventW
GetStartupInfoW
GetModuleFileNameW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLongPathNameW
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
FlushFileBuffers
GetFileType
SetEndOfFile
SetFilePointerEx
UnregisterWaitEx
RegisterWaitForSingleObject
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
MultiByteToWideChar
FindFirstFileExW
FindNextFileW
FreeLibrary
GetModuleHandleExW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
GetExitCodeProcess
ReleaseMutex
CreateMutexW
VirtualFree
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
VirtualQuery
SetLastError
LoadLibraryExW
GetCommandLineA
ExitThread
FreeLibraryAndExitThread
SetFileAttributesW
SetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetStdHandle
HeapAlloc
HeapFree
HeapReAlloc
IsValidLocale
EnumSystemLocalesW
GetFileSizeEx
IsValidCodePage
GetACP
GetOEMCP
SetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
HeapSize
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
WriteFile
ReadFile
CreateFileW
GetUserDefaultLangID
GetCurrentProcessId
GlobalSize
LoadLibraryA
GetLocaleInfoW
GlobalLock
GlobalUnlock
GlobalAlloc
OpenProcess
CheckRemoteDebuggerPresent
CreateProcessW
CloseHandle
ExpandEnvironmentStringsW
SetErrorMode
WTSGetActiveConsoleSessionId
FormatMessageW
LocalFree
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
GetLastError
lstrcmpW
Sleep
CreateThread
VirtualAlloc
VirtualProtect
GetLogicalDrives
LCMapStringW
WaitForSingleObject

imm32

ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetContext
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
ImmGetDefaultIMEWnd

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

uxtheme

GetThemeEnumValue
GetThemeInt
GetThemeColor
GetThemePartSize
GetThemeMargins
GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
GetCurrentThemeName
IsAppThemed
IsThemeActive
SetWindowTheme
GetThemeBool
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
ord47
OpenThemeData

dwmapi

DwmEnableBlurBehindWindow
DwmIsCompositionEnabled

netapi32

NetApiBufferFree
NetShareEnum

userenv

GetUserProfileDirectoryW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

user32

GetClassInfoW
RegisterClassExW
GetFocus
GetClientRect
GetCursorPos
WindowFromPoint
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
SetMenu
DrawMenuBar
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
SetMenuItemInfoW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
FindWindowA
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
GetMenu
TrackPopupMenuEx
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
RegisterClassW
EnumDisplayDevicesW
GetClipboardFormatNameW
TrackMouseEvent
AdjustWindowRectEx
GetAsyncKeyState
UnregisterClassW
CloseTouchInputHandle
GetWindowTextW
EnumWindows
RealGetWindowClassW
ChangeWindowMessageFilterEx
MessageBoxW
DrawIconEx
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
RegisterDeviceNotificationW
UnregisterDeviceNotification
CharNextExA
GetForegroundWindow
EnableMenuItem
GetSystemMenu
ReleaseCapture
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
ShowWindow
IsChild
CreateWindowExW
AttachThreadInput
PostMessageW
SendMessageW
UpdateLayeredWindowIndirect
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
GetDesktopWindow
GetSysColor
ReleaseDC
GetDC
DestroyWindow
DefWindowProcW
SystemParametersInfoW
GetSystemMetrics
GetWindowRect
SetWindowTextW
InvalidateRect
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
GetWindowThreadProcessId
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
GetTouchInputInfo
SetCursor
SetWindowRgn
GetUpdateRect
BeginPaint
EndPaint
GetMessageExtraInfo
SetForegroundWindow

gdi32

GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetTextFaceW
GetTextMetricsW
RemoveFontMemResourceEx
GetDIBits
ExtTextOutW
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
CombineRgn
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetStockObject
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetFontData
EnumFontFamiliesExW
CreateCompatibleDC
CreateRectRgn
DeleteDC
DeleteObject
GetRegionData
SelectClipRgn
SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
CreateFontIndirectW
GetOutlineTextMetricsW

advapi32

AccessCheck
AllocateAndInitializeSid
CopySid
DuplicateToken
FreeSid
GetLengthSid
OpenProcessToken
GetTokenInformation
MapGenericMask
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SystemFunction036
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW

shell32

SHGetKnownFolderPath
CommandLineToArgvW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW

ole32

CoCreateInstance
DoDragDrop
CoTaskMemFree
ReleaseStgMedium
CoGetMalloc
CoCreateGuid
OleIsCurrentClipboard
RevokeDragDrop
CoUninitialize
OleFlushClipboard
OleGetClipboard
OleSetClipboard
OleUninitialize
OleInitialize
RegisterDragDrop
CoLockObjectExternal
CoInitialize
StringFromGUID2
CoInitializeEx

oleaut32

SafeArrayPutElement
SafeArrayCreateVector
SysAllocString

winmm

timeSetEvent
timeKillEvent

ws2_32

WSAAsyncSelect

Sections

.text
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 277KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ShellQMaker.exe
.exe windows:6 windows x86

faa623abaeec95ad013320b412e0acc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceFrequency
GetDriveTypeW
GetProcessHeap
GetFileSize
HeapAlloc
CloseHandle
CreateFileA
WriteFile
HeapFree
ReadFile
InitializeSListHead
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
GlobalFree
GlobalHandle
GlobalSize
GlobalLock
GlobalUnlock
GlobalAlloc
ReadConsoleOutputCharacterA
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
WriteConsoleW
WriteConsoleA
AttachConsole
FreeConsole
GetStdHandle
SetLastError
MulDiv
ExpandEnvironmentStringsW
IsBadStringPtrA
IsBadReadPtr
CopyFileW
GetFileType
SetCurrentDirectoryW
WaitForMultipleObjects
CreateEventW
SetEvent
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetACP
GetTempPathW
GetTempFileNameW
GetLongPathNameW
GetFileAttributesW
FindFirstFileW
FindClose
CreateFileW
GetCPInfo
IsValidCodePage
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
GetNativeSystemInfo
GetVersionExW
TerminateProcess
GetCurrentProcessId
IsDebuggerPresent
GetEnvironmentVariableW
TlsFree
TlsSetValue
TlsAlloc
GetCurrentThreadId
GetCurrentThread
ExitProcess
GetCurrentProcess
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
OutputDebugStringW
FormatMessageW
LocalFree
GetLastError
WideCharToMultiByte
MultiByteToWideChar
SetErrorMode
GetLogicalDriveStringsW

comctl32

ImageList_SetBkColor
ImageList_Draw
ImageList_Replace
ImageList_GetIconSize
ImageList_GetImageInfo
ImageList_Destroy
ImageList_Create
ImageList_GetImageCount
ord16
ord17
ImageList_Add

rpcrt4

RpcStringFreeW
UuidToStringW

oleacc

LresultFromObject

uxtheme

GetCurrentThemeName
GetThemeBackgroundExtent
GetThemeColor
IsThemePartDefined
GetThemeSysFont
GetThemeSysColor
GetThemeInt
GetThemePartSize
GetThemeFont
IsAppThemed
IsThemeActive
GetThemeMargins
DrawThemeParentBackground
SetWindowTheme
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundContentRect
OpenThemeData
CloseThemeData
DrawThemeBackground

msvcp140

?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Xlength_error@std@@YAXPBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

shlwapi

SHAutoComplete

msimg32

AlphaBlend
GradientFill

vcruntime140

_except_handler4_common
__current_exception_context
__current_exception
_setjmp3
__RTtypeid
__std_terminate
__CxxLongjmpUnwind
_purecall
longjmp
__std_type_info_compare
__std_exception_destroy
__CxxFrameHandler3
strstr
wcschr
strchr
memset
memmove
wcsstr
memcpy
_CxxThrowException
__std_exception_copy

api-ms-win-crt-heap-l1-1-0

realloc
free
malloc
_set_new_mode
calloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_invalid_parameter_noinfo_noreturn
_errno
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
exit
abort
__p___argv
__p___argc
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
terminate

api-ms-win-crt-stdio-l1-1-0

fread
feof
fclose
clearerr
_fseeki64
_wfopen
_telli64
_lseeki64
_read
ferror
_ftelli64
fflush
__stdio_common_vsscanf
__p__commode
_set_fmode
fwrite
__stdio_common_vswprintf_p
_close
_get_osfhandle
_fileno
__stdio_common_vfprintf
_write
__acrt_iob_func
__stdio_common_vfwprintf
_wsopen_dispatch
_open_osfhandle
__stdio_common_vswscanf
__stdio_common_vswprintf

api-ms-win-crt-string-l1-1-0

isspace
strncpy
iswalnum
_wcsicmp
wcspbrk
towlower
towupper
iswspace
_strdup
toupper
strncmp
iswdigit
wcsncpy
iswxdigit
iswprint
iswalpha
tolower

api-ms-win-crt-convert-l1-1-0

strtol
_wcstoui64
_wtoi
strtoll
_wcstoi64
_wtol
wcstod
_wcstod_l
wcstol
wcstoul
atof

api-ms-win-crt-utility-l1-1-0

qsort
bsearch

api-ms-win-crt-locale-l1-1-0

setlocale
_create_locale
_free_locale
_configthreadlocale

api-ms-win-crt-time-l1-1-0

_localtime64
_gmtime64
_mktime64
_time64
_tzset
_get_timezone
wcsftime

api-ms-win-crt-environment-l1-1-0

_wgetenv
_wgetcwd
getenv

api-ms-win-crt-filesystem-l1-1-0

_wremove
_wrename

api-ms-win-crt-math-l1-1-0

_CIatan2
__setusermatherr
floor
ceil
_libm_sse2_sqrt_precise
_libm_sse2_pow_precise
_libm_sse2_tan_precise
_CIfmod
_libm_sse2_sin_precise
_libm_sse2_cos_precise
lroundf
lround
_fdopen
_libm_sse2_acos_precise

user32

IsClipboardFormatAvailable
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
EnumDisplaySettingsW
ChangeDisplaySettingsExW
wsprintfW
GetClipboardFormatNameW
RegisterClipboardFormatW
CheckMenuRadioItem
GetSysColorBrush
GetMenuItemID
CheckMenuItem
DrawFrameControl
DrawEdge
FindWindowExW
ChildWindowFromPoint
GetComboBoxInfo
GetDesktopWindow
UnionRect
EndPaint
BeginPaint
GetWindowDC
ValidateRect
GetMessageW
SetMenuItemInfoW
InsertMenuItemW
SetMenuInfo
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
GetSubMenu
DestroyMenu
CreatePopupMenu
CreateMenu
GetMenuState
DestroyIcon
IsRectEmpty
ValidateRgn
DrawIconEx
GetCaretBlinkTime
GetDoubleClickTime
TranslateAcceleratorW
DestroyAcceleratorTable
CreateAcceleratorTableW
DestroyCursor
GetClassNameW
MessageBeep
GetWindowTextW
SetWindowRgn
OffsetRect
CopyRect
SetRectEmpty
SetRect
DrawStateW
MessageBoxW
PostThreadMessageW
PostMessageW
RegisterClassW
CreateWindowExW
BringWindowToTop
PeekMessageW
SendMessageW
DefWindowProcW
UnregisterClassW
DestroyWindow
DispatchMessageW
MsgWaitForMultipleObjects
SetTimer
KillTimer
SetCursor
LoadCursorW
DdeInitializeW
DdeUninitialize
DdeConnect
DdeDisconnect
DdePostAdvise
DdeNameService
DdeClientTransaction
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeGetLastError
DdeCreateStringHandleW
DdeQueryStringW
DdeFreeStringHandle
GetKeyState
GetWindowLongW
SetWindowLongW
LoadBitmapW
LoadIconW
LoadImageW
GetIconInfo
ShowWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
IsIconic
IsZoomed
CreateDialogIndirectParamW
GetDialogBaseUnits
DrawMenuBar
GetSystemMenu
EnableMenuItem
SetForegroundWindow
SetWindowTextW
RegisterWindowMessageW
SetMenu
GetWindowRect
TranslateMessage
RegisterHotKey
UnregisterHotKey
GetMessagePos
GetMessageTime
PostQuitMessage
CallWindowProcW
IsWindow
AnimateWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
SetFocus
GetActiveWindow
GetFocus
GetAsyncKeyState
VkKeyScanW
MapVirtualKeyW
GetCapture
SetCapture
ReleaseCapture
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenuItemCount
TrackPopupMenu
GetMenuItemInfoW
UpdateWindow
GetDC
ReleaseDC
GetUpdateRgn
InvalidateRect
RedrawWindow
ScrollWindow
EnableScrollBar
GetClientRect
SetCursorPos
GetCursorPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
ChildWindowFromPointEx
GetSysColor
FillRect
InflateRect
PtInRect
GetParent
SetParent
GetWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
IsDialogMessageW
SetScrollInfo
GetScrollInfo
SystemParametersInfoW
CreateDialogParamW
GetDlgItem
GetProcessDefaultLayout
IsMenu
keybd_event
GetWindowTextLengthW
HideCaret
DrawTextW
DrawFocusRect
CreateIconIndirect

gdi32

SelectPalette
SelectObject
GetTextMetricsW
SetBrushOrgEx
RealizePalette
GetDeviceCaps
ExcludeClipRect
CreateRectRgn
GetObjectW
SetWindowExtEx
GdiFlush
EndPage
StartPage
EndDoc
StartDocW
SetAbortProc
EnumFontFamiliesExW
PlayEnhMetaFile
GetEnhMetaFileHeader
GetEnhMetaFileW
DeleteEnhMetaFile
CreateEnhMetaFileW
CloseEnhMetaFile
SetViewportOrgEx
GetSystemPaletteEntries
CreateDCW
CreateICW
GetTextExtentExPointW
GetCharABCWidthsW
CreateRectRgnIndirect
ExtCreatePen
CreatePen
SetDIBColorTable
GetDIBColorTable
CreateDIBSection
GetDIBits
CreateDIBitmap
SetWindowOrgEx
DeleteObject
SetViewportExtEx
PolyBezier
Polyline
Polygon
LPtoDP
DPtoLP
ModifyWorldTransform
SetWorldTransform
GetWorldTransform
SetROP2
StretchDIBits
SetPolyFillMode
SetPixel
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
ExtSelectClipRgn
SelectClipRgn
RoundRect
Rectangle
PolyPolygon
Pie
MaskBlt
GetPixel
GetObjectType
GetClipBox
ExtFloodFill
Ellipse
Arc
CreatePatternBrush
CreateHatchBrush
GetTextExtentPoint32W
GetStockObject
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
CreatePolygonRgn
RectInRegion
PtInRegion
GetRgnBox
EqualRgn
CombineRgn
SetStretchBltMode
StretchBlt
ExtTextOutW
MoveToEx
LineTo
GetBkColor
OffsetRgn
GetRegionData
ExtCreateRegion
GetWindowExtEx
GetViewportExtEx
GetGraphicsMode
CreateSolidBrush
GetOutlineTextMetricsW
CreateFontIndirectW
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmapIndirect
CreateBitmap
BitBlt
SetTextColor
SetBkMode
SetBkColor

winspool.drv

OpenPrinterW
GetPrinterW
DocumentPropertiesW
ClosePrinter

comdlg32

GetOpenFileNameW
PageSetupDlgW
PrintDlgW
CommDlgExtendedError
GetSaveFileNameW
ChooseFontW

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
GetUserNameW
RegOpenKeyExW

shell32

SHGetFolderPathW
ExtractIconExW
DragQueryFileW
DragQueryPoint
DragFinish
DragAcceptFiles
SHGetFileInfoW
ord6
ExtractIconW

ole32

RegisterDragDrop
ReleaseStgMedium
OleSetClipboard
OleGetClipboard
OleIsCurrentClipboard
RevokeDragDrop
OleUninitialize
OleInitialize
CoCreateInstance
CoLockObjectExternal
CoTaskMemAlloc
OleFlushClipboard
CoTaskMemFree

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 182KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f43c644cf75a519939c4ef78cc40bda

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

imm32

wtsapi32

uxtheme

dwmapi

netapi32

userenv

version

user32

gdi32

advapi32

shell32

ole32

oleaut32

winmm

ws2_32

Sections

.text Size: 7.5MB - Virtual size: 7.5MB

.rdata Size: 3.1MB - Virtual size: 3.1MB

.data Size: 277KB - Virtual size: 321KB

.qtmetad Size: 1KB - Virtual size: 1KB

.rsrc Size: 362KB - Virtual size: 361KB

.reloc Size: 233KB - Virtual size: 232KB

faa623abaeec95ad013320b412e0acc5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

rpcrt4

oleacc

uxtheme

msvcp140

shlwapi

msimg32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 182KB - Virtual size: 354KB

.reloc Size: 245KB - Virtual size: 244KB

.text
Size: 7.5MB - Virtual size: 7.5MB

.rdata
Size: 3.1MB - Virtual size: 3.1MB

.data
Size: 277KB - Virtual size: 321KB

.qtmetad
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 362KB - Virtual size: 361KB

.reloc
Size: 233KB - Virtual size: 232KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 182KB - Virtual size: 354KB

.reloc
Size: 245KB - Virtual size: 244KB