ab55d957bc67c671a0c06435eb3b1380[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

ab55d957bc67c671a0c06435eb3b1380.bin
Size

5.0MB
MD5

ab55d957bc67c671a0c06435eb3b1380
SHA1

f2405e4e48839fd97f90db19219e1866dbb2d345
SHA256

a971e5387743bd87ec7652a24e1ce05ca4de8846d4096adcf976ff50d85a5b23
SHA512

b7f16c2aad28f960cea7581f8e51eeb80a1a2865c5c976403830384457f75a88ce7377aba859d78ef03584fee897b0448accde47d80f133b04c1c17143f9c7c1
SSDEEP

98304:0RNEQmwKV3iawdenqye7+Y9IsGZ3KFDil38QyOFhB4DTJHrvrd:0RNgd/4enqye7r9ImZutlFhB4Dhvrd

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SDI_R2309.exe
unpack001/SDI_x64_R2309.exe

Files

ab55d957bc67c671a0c06435eb3b1380.bin
.zip

Password: infected
SDI_R2309.exe
.exe windows:4 windows x86

Password: infected

021b9ee18d11f6bcb9a05f239d5911c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
GetFileSecurityW
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetFileSecurityW

comctl32

InitCommonControlsEx
PropertySheetW

comdlg32

GetOpenFileNameW

gdi32

BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontW
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
GetObjectW
GetStockObject
GetTextExtentPoint32W
LineTo
MoveToEx
Rectangle
RoundRect
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetDCBrushColor
SetLayout
SetStretchBltMode
SetTextColor
StretchBlt
TextOutW

kernel32

AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareFileTime
CopyFileExW
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateWaitableTimerW
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DosDateTimeToFileTime
DuplicateHandle
EnterCriticalSection
EnumSystemLanguageGroupsW
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileW
FindNextFileW
FindResourceW
FormatMessageA
FormatMessageW
FreeLibrary
GetCommState
GetCommandLineW
GetComputerNameW
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetHandleInformation
GetLastError
GetLogicalDriveStringsW
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetQueuedCompletionStatus
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemPowerStatus
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAlloc
GlobalLock
GlobalMemoryStatus
GlobalMemoryStatusEx
GlobalUnlock
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LocalFree
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenEventW
OpenFileMappingW
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
RaiseException
ReadDirectoryChangesW
ReadFile
ReadFileScatter
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetCommState
SetCommTimeouts
SetConsoleCtrlHandler
SetConsoleMode
SetCurrentDirectoryW
SetEndOfFile
SetEvent
SetFileApisToOEM
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileTime
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
SizeofResource
Sleep
SleepEx
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWaitEx
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
VirtualUnlock
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
WriteFileGather
lstrcmpW
lstrcmpiW
lstrcpyW

msimg32

AlphaBlend

msvcrt

__dllonexit
__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_fileno
_fmode
_fstat64
_getcwd
_initterm
_iob
_isatty
_lock
_lseeki64
_onexit
_read
_setjmp3
_snwprintf
_strcmpi
_strdup
_strnicmp
_ultoa
_unlock
_vsnprintf
_vsnwprintf
_wcsicmp
_wfopen
_wfsopen
_wgetcwd
_wmkdir
_wremove
_wrename
_write
_write
_wtoi
abort
atoi
atol
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgetws
fopen
fprintf
fputc
fputs
fputws
fread
free
fsetpos
fwprintf
getwc
gmtime
fwrite
getc
getenv
islower
isspace
isupper
iswctype
iswspace
isxdigit
localeconv
localtime
longjmp
malloc
mbtowc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
rand
realloc
setlocale
setvbuf
signal
sprintf
srand
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
swscanf
system
time
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
vswprintf
wcscat
wcschr
wcscmp
wcscoll
wcscpy
wcscspn
wcsftime
wcslen
wcsncat
wcsncpy
wcsrchr
wcsstr
wcstol
wcstombs
wcsxfrm
wctomb

newdev

UpdateDriverForPlugAndPlayDevicesW

ole32

CoCreateInstance
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

oleaut32

SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantClear
VariantCopy

setupapi

CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDescriptionW
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiLoadClassIcon

shell32

CommandLineToArgvW
DragAcceptFiles
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHFormatDrive
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW
StrStrIA
StrStrIW

shlwapi

PathFileExistsW
PathGetDriveNumberW
PathRemoveFileSpecW
StrFormatByteSizeW

user32

AdjustWindowRectEx
BeginPaint
CallWindowProcW
CharUpperW
ClientToScreen
CloseClipboard
CreateDialogParamW
CreateIconIndirect
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DeleteMenu
DestroyIcon
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawFrameControl
DrawIconEx
DrawTextW
EmptyClipboard
EnableWindow
EndDialog
EndPaint
EnumChildWindows
EnumDisplayDevicesW
FlashWindowEx
GetClassNameW
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetForegroundWindow
GetIconInfo
GetMenuItemCount
GetMenuItemInfoW
GetMonitorInfoW
GetParent
GetScrollInfo
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowInfo
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InsertMenuItemW
InsertMenuW
InvalidateRect
IsDlgButtonChecked
IsWindow
IsZoomed
KillTimer
LoadCursorW
LoadIconW
MapWindowPoints
MessageBoxW
MonitorFromPoint
MoveWindow
MsgWaitForMultipleObjectsEx
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
RealGetWindowClassW
RegisterClassExW
ReleaseCapture
ReleaseDC
ScreenToClient
SendDlgItemMessageW
SendMessageW
SetActiveWindow
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenuItemInfoW
SetScrollInfo
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowTextW
ShowWindow
SwitchToThisWindow
SystemParametersInfoW
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnregisterClassW
wsprintfA
wsprintfW
wvsprintfA

ws2_32

WSAAddressToStringA
WSAIoctl
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASocketW
WSAStringToAddressA
gethostbyaddr
gethostbyname
getservbyname
getservbyport
inet_addr
inet_ntoa

wsock32

AcceptEx
GetAcceptExSockaddrs
WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostname
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
select
setsockopt
shutdown
socket

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 785KB - Virtual size: 785KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 177KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SDI_auto.bat
SDI_x64_R2309.exe
.exe windows:4 windows x64

Password: infected

acb9b0ecf61afb41e84b9a3fd35baf9d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
GetFileSecurityW
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetFileSecurityW

comctl32

InitCommonControlsEx
PropertySheetW

comdlg32

GetOpenFileNameW

gdi32

BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontW
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
GetObjectW
GetStockObject
GetTextExtentPoint32W
LineTo
MoveToEx
Rectangle
RoundRect
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetDCBrushColor
SetLayout
SetStretchBltMode
SetTextColor
StretchBlt
TextOutW

kernel32

AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareFileTime
CopyFileExW
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateWaitableTimerW
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DosDateTimeToFileTime
DuplicateHandle
EnterCriticalSection
EnumSystemLanguageGroupsW
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileW
FindNextFileW
FindResourceW
FormatMessageA
FormatMessageW
FreeLibrary
GetCommState
GetCommandLineW
GetComputerNameW
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetHandleInformation
GetLastError
GetLogicalDriveStringsW
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetQueuedCompletionStatus
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemPowerStatus
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAlloc
GlobalLock
GlobalMemoryStatusEx
GlobalUnlock
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LocalFree
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenEventW
OpenFileMappingW
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
RaiseException
ReadDirectoryChangesW
ReadFile
ReadFileScatter
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetCommState
SetCommTimeouts
SetConsoleCtrlHandler
SetConsoleMode
SetCurrentDirectoryW
SetEndOfFile
SetEvent
SetFileApisToOEM
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileTime
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
SizeofResource
Sleep
SleepEx
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWaitEx
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
VirtualUnlock
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
WriteFileGather
__C_specific_handler
lstrcmpW
lstrcmpiW
lstrcpyW

msimg32

AlphaBlend

msvcrt

___lc_codepage_func
__dllonexit
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_fileno
_fmode
_fstat64
_getcwd
_gmtime64
_initterm
_isatty
_localtime64
_lock
_lseeki64
_onexit
_read
_setjmp
_snwprintf
_strcmpi
_strdup
_strnicmp
_ultoa
_time64
_unlock
_vsnprintf
_vsnwprintf
_vswprintf
_wcsicmp
_wfopen
_wfsopen
_wgetcwd
_wmkdir
_wremove
_wrename
_write
_write
_wtoi
abort
atoi
atol
calloc
exit
fclose
feof
fflush
fgetc
fgetpos
fgetws
fopen
fprintf
fputc
fputs
fputws
fread
free
fsetpos
fwprintf
fwrite
getc
getenv
getwc
islower
isspace
isupper
iswctype
iswspace
isxdigit
localeconv
longjmp
malloc
mbtowc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
rand
realloc
setlocale
setvbuf
signal
sprintf
srand
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
swscanf
system
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
wcscat
wcschr
wcscmp
wcscoll
wcscpy
wcscspn
wcsftime
wcslen
wcsncat
wcsncpy
wcsrchr
wcsstr
wcstol
wcstombs
wcsxfrm
wctomb

newdev

UpdateDriverForPlugAndPlayDevicesW

ole32

CoCreateInstance
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

oleaut32

SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantClear
VariantCopy

setupapi

CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDescriptionW
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiLoadClassIcon

shell32

CommandLineToArgvW
DragAcceptFiles
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHFormatDrive
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW
StrStrIA
StrStrIW

shlwapi

PathFileExistsW
PathGetDriveNumberW
PathRemoveFileSpecW
StrFormatByteSizeW

user32

AdjustWindowRectEx
BeginPaint
CallWindowProcW
CharUpperW
ClientToScreen
CloseClipboard
CreateDialogParamW
CreateIconIndirect
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DeleteMenu
DestroyIcon
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawFrameControl
DrawIconEx
DrawTextW
EmptyClipboard
EnableWindow
EndDialog
EndPaint
EnumChildWindows
EnumDisplayDevicesW
FlashWindowEx
GetClassNameW
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetForegroundWindow
GetIconInfo
GetMenuItemCount
GetMenuItemInfoW
GetMonitorInfoW
GetParent
GetScrollInfo
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowInfo
GetWindowLongPtrW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InsertMenuItemW
InsertMenuW
InvalidateRect
IsDlgButtonChecked
IsWindow
IsZoomed
KillTimer
LoadCursorW
LoadIconW
MapWindowPoints
MessageBoxW
MonitorFromPoint
MoveWindow
MsgWaitForMultipleObjectsEx
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
RealGetWindowClassW
RegisterClassExW
ReleaseCapture
ReleaseDC
ScreenToClient
SendDlgItemMessageW
SendMessageW
SetActiveWindow
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenuItemInfoW
SetScrollInfo
SetTimer
SetWindowLongPtrW
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowTextW
ShowWindow
SwitchToThisWindow
SystemParametersInfoW
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnregisterClassW
wsprintfA
wsprintfW
wvsprintfA

ws2_32

WSAAddressToStringA
WSAIoctl
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASocketW
WSAStringToAddressA
gethostbyaddr
gethostbyname
getservbyname
getservbyport
inet_addr
inet_ntoa

wsock32

AcceptEx
GetAcceptExSockaddrs
WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostname
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
select
setsockopt
shutdown
socket

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 181KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tools/SDI/langs/arabic.txt
tools/SDI/langs/armenian.txt
tools/SDI/langs/azerbaijan.txt
tools/SDI/langs/belarusian.txt
tools/SDI/langs/brazilian.txt
tools/SDI/langs/bulgarian.txt
tools/SDI/langs/catalan.txt
tools/SDI/langs/chinese.txt
tools/SDI/langs/chinese_cn.txt
tools/SDI/langs/chinese_tw.txt
tools/SDI/langs/chinese_zh.txt
tools/SDI/langs/croatian.txt
tools/SDI/langs/czech.txt
tools/SDI/langs/danish.txt
tools/SDI/langs/dutch.txt
tools/SDI/langs/english.txt
tools/SDI/langs/estonian.txt
tools/SDI/langs/farsi.txt
tools/SDI/langs/french.txt
tools/SDI/langs/georgian.txt
tools/SDI/langs/german.txt
tools/SDI/langs/greek.txt
tools/SDI/langs/hebrew.txt
tools/SDI/langs/hungarian.txt
tools/SDI/langs/indonesian.txt
tools/SDI/langs/italian.txt
tools/SDI/langs/japanese.txt
tools/SDI/langs/korean.txt
tools/SDI/langs/latvian.txt
tools/SDI/langs/lithuanian.txt
tools/SDI/langs/move_all.bat
tools/SDI/langs/norwegian.txt
tools/SDI/langs/polish.txt
tools/SDI/langs/portuguese.txt
tools/SDI/langs/romanian.txt
tools/SDI/langs/russian.txt
tools/SDI/langs/slovak.txt
tools/SDI/langs/slovenian.txt
tools/SDI/langs/source.ini
tools/SDI/langs/spanish.txt
tools/SDI/langs/swedish.txt
tools/SDI/langs/thai.txt
tools/SDI/langs/turkish.txt
tools/SDI/langs/ukrainian.txt
tools/SDI/langs/vietnamese.txt
tools/SDI/settings.cfg
tools/SDI/themes/arsenic.txt
tools/SDI/themes/arsenic/c16.webp
tools/SDI/themes/arsenic/c23.webp
tools/SDI/themes/arsenic/downup.webp
tools/SDI/themes/arsenic/unc16.webp
tools/SDI/themes/arsenic/unc23.webp
tools/SDI/themes/atardecer.txt
tools/SDI/themes/atardecer/checkedgray.webp
tools/SDI/themes/atardecer/checkedorange.webp
tools/SDI/themes/atardecer/downup.webp
tools/SDI/themes/atardecer/sdi.webp
tools/SDI/themes/atardecer/uncheckedgray.webp
tools/SDI/themes/atardecer/uncheckedorange.webp
tools/SDI/themes/atardecer/uncheckedwhite.webp
tools/SDI/themes/classic.txt
tools/SDI/themes/classic/bg.webp
tools/SDI/themes/classic/ch_h.webp
tools/SDI/themes/classic/ch_n.webp
tools/SDI/themes/classic/dnh.webp
tools/SDI/themes/classic/dnn.webp
tools/SDI/themes/classic/unch_h.webp
tools/SDI/themes/classic/unch_n.webp
tools/SDI/themes/classic/uph.webp
tools/SDI/themes/classic/upn.webp
tools/SDI/themes/coax.txt
tools/SDI/themes/coax/checked.webp
tools/SDI/themes/coax/checked_h.webp
tools/SDI/themes/coax/down.webp
tools/SDI/themes/coax/down_h.webp
tools/SDI/themes/coax/unchecked.webp
tools/SDI/themes/coax/unchecked_h.webp
tools/SDI/themes/coax/up.webp
tools/SDI/themes/color.7z
.7z

Password: infected
grass.txt
sky_clouds.txt
winter.txt
tools/SDI/themes/dark.txt
tools/SDI/themes/dark/sdi.webp
tools/SDI/themes/dark/thinblue.webp
tools/SDI/themes/dark/thinblue_h.webp
tools/SDI/themes/dark/thinblueglass.webp
tools/SDI/themes/dark/thinblueglass_h.webp
tools/SDI/themes/dark/wideblueglass.webp
tools/SDI/themes/dark/wideblueglass_h.webp
tools/SDI/themes/grass.txt
tools/SDI/themes/grass/button.webp
tools/SDI/themes/grass/button_2.webp
tools/SDI/themes/grass/button_2d.webp
tools/SDI/themes/grass/button_2s.webp
tools/SDI/themes/grass/button_h.webp
tools/SDI/themes/grass/checked.webp
tools/SDI/themes/grass/main.webp
tools/SDI/themes/grass/semi.webp
tools/SDI/themes/grass/unchecked.webp
tools/SDI/themes/gray.txt
tools/SDI/themes/green_blue.txt
tools/SDI/themes/green_blue/button.webp
tools/SDI/themes/green_blue/button_2.webp
tools/SDI/themes/green_blue/button_2d.webp
tools/SDI/themes/green_blue/button_2s.webp
tools/SDI/themes/green_blue/button_h.webp
tools/SDI/themes/green_blue/checked.webp
tools/SDI/themes/green_blue/main.webp
tools/SDI/themes/green_blue/semi.webp
tools/SDI/themes/green_blue/unchecked.webp
tools/SDI/themes/happy_bird.txt
tools/SDI/themes/happy_bird/button.webp
tools/SDI/themes/happy_bird/button_2.webp
tools/SDI/themes/happy_bird/button_2d.webp
tools/SDI/themes/happy_bird/button_2s.webp
tools/SDI/themes/happy_bird/button_h.webp
tools/SDI/themes/happy_bird/checked.webp
tools/SDI/themes/happy_bird/main.webp
tools/SDI/themes/happy_bird/semi.webp
tools/SDI/themes/happy_bird/unchecked.webp
tools/SDI/themes/happy_new_year.txt
tools/SDI/themes/happy_new_year/button.webp
tools/SDI/themes/happy_new_year/button_2.webp
tools/SDI/themes/happy_new_year/button_2d.webp
tools/SDI/themes/happy_new_year/button_2s.webp
tools/SDI/themes/happy_new_year/button_h.webp
tools/SDI/themes/happy_new_year/checked.webp
tools/SDI/themes/happy_new_year/main.webp
tools/SDI/themes/happy_new_year/semi.webp
tools/SDI/themes/happy_new_year/unchecked.webp
tools/SDI/themes/lite.txt
tools/SDI/themes/lite/c16.webp
tools/SDI/themes/lite/c23.webp
tools/SDI/themes/lite/downup.webp
tools/SDI/themes/lite/unc16.webp
tools/SDI/themes/lite/unc23.webp
tools/SDI/themes/metallic.txt
tools/SDI/themes/metallic/checked.webp
tools/SDI/themes/metallic/unchecked.webp
tools/SDI/themes/metallic_color.txt
tools/SDI/themes/metallic_new.txt
tools/SDI/themes/metallic_new/button.webp
tools/SDI/themes/metallic_new/button_2.webp
tools/SDI/themes/metallic_new/button_2d.webp
tools/SDI/themes/metallic_new/button_2s.webp
tools/SDI/themes/metallic_new/button_h.webp
tools/SDI/themes/metallic_new/checked.webp
tools/SDI/themes/metallic_new/main2.webp
tools/SDI/themes/metallic_new/semi.webp
tools/SDI/themes/metallic_new/unchecked.webp
tools/SDI/themes/metro.txt
tools/SDI/themes/metro/checked.webp
tools/SDI/themes/metro/unchecked.webp
tools/SDI/themes/new_tree.txt
tools/SDI/themes/new_tree/button.webp
tools/SDI/themes/new_tree/button_2.webp
tools/SDI/themes/new_tree/button_2d.webp
tools/SDI/themes/new_tree/button_2s.webp
tools/SDI/themes/new_tree/button_h.webp
tools/SDI/themes/new_tree/checked.webp
tools/SDI/themes/new_tree/main.webp
tools/SDI/themes/new_tree/semi.webp
tools/SDI/themes/new_tree/unchecked.webp
tools/SDI/themes/nordsee.txt
tools/SDI/themes/nordsee/button.webp
tools/SDI/themes/nordsee/button_2.webp
tools/SDI/themes/nordsee/button_2d.webp
tools/SDI/themes/nordsee/button_2s.webp
tools/SDI/themes/nordsee/button_h.webp
tools/SDI/themes/nordsee/checked.webp
tools/SDI/themes/nordsee/main.webp
tools/SDI/themes/nordsee/semi.webp
tools/SDI/themes/nordsee/unchecked.webp
tools/SDI/themes/old_ware.txt
tools/SDI/themes/old_ware/button.webp
tools/SDI/themes/old_ware/button_2.webp
tools/SDI/themes/old_ware/button_2d.webp
tools/SDI/themes/old_ware/button_2s.webp
tools/SDI/themes/old_ware/button_h.webp
tools/SDI/themes/old_ware/checked.webp
tools/SDI/themes/old_ware/main.webp
tools/SDI/themes/old_ware/semi.webp
tools/SDI/themes/old_ware/unchecked.webp
tools/SDI/themes/sky_clouds.txt
tools/SDI/themes/sky_clouds/button.webp
tools/SDI/themes/sky_clouds/button_2.webp
tools/SDI/themes/sky_clouds/button_2d.webp
tools/SDI/themes/sky_clouds/button_2s.webp
tools/SDI/themes/sky_clouds/button_h.webp
tools/SDI/themes/sky_clouds/checked.webp
tools/SDI/themes/sky_clouds/main.webp
tools/SDI/themes/sky_clouds/semi.webp
tools/SDI/themes/sky_clouds/unchecked.webp
tools/SDI/themes/tweekend.txt
tools/SDI/themes/tweekend/button.webp
tools/SDI/themes/tweekend/button_2.webp
tools/SDI/themes/tweekend/button_2d.webp
tools/SDI/themes/tweekend/button_2s.webp
tools/SDI/themes/tweekend/button_h.webp
tools/SDI/themes/tweekend/checked.webp
tools/SDI/themes/tweekend/ico.webp
tools/SDI/themes/tweekend/main.webp
tools/SDI/themes/tweekend/semi.webp
tools/SDI/themes/tweekend/unchecked.webp
tools/SDI/themes/winter.txt
tools/SDI/themes/winter/button.webp
tools/SDI/themes/winter/button_2.webp
tools/SDI/themes/winter/button_2d.webp
tools/SDI/themes/winter/button_2s.webp
tools/SDI/themes/winter/button_h.webp
tools/SDI/themes/winter/checked.webp
tools/SDI/themes/winter/semi.webp
tools/SDI/themes/winter/unchecked.webp
tools/SDI/themes/winter/winter.webp
tools/SDI/themes/yaschir.txt
tools/SDI/themes/yaschir/checked.webp
tools/SDI/themes/yaschir/install1.webp
tools/SDI/themes/yaschir/install2.webp
tools/SDI/themes/yaschir/main.webp
tools/SDI/themes/yaschir/optiona1.webp
tools/SDI/themes/yaschir/optiona2.webp
tools/SDI/themes/yaschir/optionb1.webp
tools/SDI/themes/yaschir/optionb2.webp
tools/SDI/themes/yaschir/screen.webp
tools/SDI/themes/yaschir/selectall1.webp
tools/SDI/themes/yaschir/selectall2.webp
tools/SDI/themes/yaschir/selectnone1.webp
tools/SDI/themes/yaschir/selectnone2.webp
tools/SDI/themes/yaschir/semi.webp
tools/SDI/themes/yaschir/semi2.webp
tools/SDI/themes/yaschir/unchecked.webp
tools/SDI/themes/yasdi.txt
tools/SDI/themes/yasdi/bg.webp
tools/SDI/themes/yasdi/ch_h.webp
tools/SDI/themes/yasdi/ch_n.webp
tools/SDI/themes/yasdi/dnh.webp
tools/SDI/themes/yasdi/dnn.webp
tools/SDI/themes/yasdi/unch_h.webp
tools/SDI/themes/yasdi/unch_n.webp
tools/SDI/themes/yasdi/uph.webp
tools/SDI/themes/yasdi/upn.webp

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

021b9ee18d11f6bcb9a05f239d5911c3

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

msimg32

msvcrt

newdev

ole32

oleaut32

setupapi

shell32

shlwapi

user32

ws2_32

wsock32

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.data Size: 58KB - Virtual size: 58KB

.rdata Size: 318KB - Virtual size: 317KB

.eh_fram Size: 785KB - Virtual size: 785KB

.bss Size: - Virtual size: 177KB

.idata Size: 16KB - Virtual size: 15KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 416KB - Virtual size: 415KB

Password: infected

acb9b0ecf61afb41e84b9a3fd35baf9d

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

msimg32

msvcrt

newdev

ole32

oleaut32

setupapi

shell32

shlwapi

user32

ws2_32

wsock32

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.data Size: 83KB - Virtual size: 82KB

.rdata Size: 367KB - Virtual size: 367KB

.pdata Size: 138KB - Virtual size: 137KB

.xdata Size: 254KB - Virtual size: 254KB

.bss Size: - Virtual size: 181KB

.idata Size: 20KB - Virtual size: 20KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 416KB - Virtual size: 415KB

Password: infected

.text
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 58KB - Virtual size: 58KB

.rdata
Size: 318KB - Virtual size: 317KB

.eh_fram
Size: 785KB - Virtual size: 785KB

.bss
Size: - Virtual size: 177KB

.idata
Size: 16KB - Virtual size: 15KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 416KB - Virtual size: 415KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 83KB - Virtual size: 82KB

.rdata
Size: 367KB - Virtual size: 367KB

.pdata
Size: 138KB - Virtual size: 137KB

.xdata
Size: 254KB - Virtual size: 254KB

.bss
Size: - Virtual size: 181KB

.idata
Size: 20KB - Virtual size: 20KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 416KB - Virtual size: 415KB