3e7b9d2a5ed52d7dc1e62bd5fad1b065454bf33bbda2c37fdc03c6950f6705f1

Sharing

Copy URL Twitter E-mail

General

Target

3e7b9d2a5ed52d7dc1e62bd5fad1b065454bf33bbda2c37fdc03c6950f6705f1
Size

9.1MB
MD5

04375bc7cc9c9a268ac24b617aafab93
SHA1

1771ddbe27d4c967f862e4847f8277b19381c2c7
SHA256

3e7b9d2a5ed52d7dc1e62bd5fad1b065454bf33bbda2c37fdc03c6950f6705f1
SHA512

32059d6f40dc431967bd0c273956681fde3db276b6a35e69a56072c9de8769d08e26c0445845ccb4dea475459ef58f13f03a619e60ee817d9baa1482b5cc65a2
SSDEEP

196608:SRrBVBT8qQGim0AsM0Z8HGIWBeFkUVUlp/NQulUx5Zu2f4tSF6:WrBglADXGbBQkUVU1Ql582fPM

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/FeiQ.exe
unpack001/uninst.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

3e7b9d2a5ed52d7dc1e62bd5fad1b065454bf33bbda2c37fdc03c6950f6705f1
.zip
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86

738dc9bb91549f627cf1953c2000e1d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
MultiByteToWideChar
SetCurrentDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock

user32

GetDlgCtrlID
CloseClipboard
GetClipboardData
MapWindowPoints
LoadCursorA
GetClientRect
SetWindowRgn
LoadIconA
GetWindowLongA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
SetCursor
PtInRect
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
EnableMenuItem
DrawTextA
GetSystemMenu
OpenClipboard
LoadImageA

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA

shell32

SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86

0ddbc7ffccf920bda2ba718277436780

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MulDiv
lstrcatA
FindClose
lstrcmpiA
GetModuleHandleA
GlobalFree
lstrcpynA
GlobalAlloc
FindNextFileA
lstrcpyA
FindFirstFileA

user32

GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
ScreenToClient
GetDlgItem
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
DestroyWindow
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
CreateDialogParamA
SetWindowLongA
wsprintfA
PostMessageA
CallWindowProcA
GetWindowLongA

gdi32

SelectObject
GetTextMetricsA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
FeiQ.exe
.exe windows:5 windows x86

53b3f0b7f814f19b5fd1a267c9b44ec4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathCombineW
PathStripToRootW
PathRemoveExtensionW
PathIsDirectoryW
PathFindExtensionW
PathIsRelativeW
PathFindFileNameW
PathRemoveFileSpecW
PathCanonicalizeW
PathAddBackslashW
PathAddExtensionW
PathAppendW
PathRenameExtensionW
PathRemoveBackslashW
PathStripPathW
PathIsDirectoryEmptyW
PathGetDriveNumberW
UrlUnescapeW
PathIsUNCW
StrToIntW
PathFileExistsW

winmm

waveOutOpen
timeBeginPeriod
timeGetTime
timeEndPeriod
sndPlaySoundA
mixerOpen
waveInClose
mixerGetID
waveInOpen
mixerGetLineControlsW
mixerGetLineInfoW
mixerClose
waveOutClose
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInReset
waveInStart
waveInGetErrorTextW
waveOutUnprepareHeader
mixerGetNumDevs
PlaySoundW
waveOutGetErrorTextW
waveOutWrite
waveOutPrepareHeader

iphlpapi

SendARP
GetAdaptersInfo
GetIfTable

ws2_32

WSARecv
WSASend
WSASendTo
WSAIoctl
ntohs
shutdown
__WSAFDIsSet
getsockopt
getpeername
connect
accept
recvfrom
sendto
WSAAsyncSelect
WSACleanup
WSAStartup
socket
WSASetLastError
getsockname
bind
ioctlsocket
setsockopt
listen
inet_ntoa
WSAGetLastError
recv
closesocket
select
send
inet_addr
gethostbyname
htonl
ntohl
htons
gethostname

kernel32

CompareFileTime
SetCurrentDirectoryW
RemoveDirectoryW
InterlockedExchange
QueryPerformanceFrequency
LocalFileTimeToFileTime
InterlockedExchangeAdd
CreateMutexW
GetModuleHandleA
OutputDebugStringA
SetFilePointerEx
TryEnterCriticalSection
GetCurrentThread
IsDebuggerPresent
GetEnvironmentVariableW
lstrlenA
GetComputerNameW
OpenProcess
TerminateProcess
CompareStringW
MoveFileW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
LockFileEx
PulseEvent
WaitForSingleObjectEx
ReleaseSemaphore
OpenMutexW
CreateSemaphoreW
OpenSemaphoreW
GetDiskFreeSpaceExW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
MapViewOfFileEx
Module32FirstW
VirtualProtect
FlushInstructionCache
VirtualQuery
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
CreateActCtxW
ReleaseActCtx
GetThreadLocale
SuspendThread
lstrcmpA
GetStringTypeExW
DuplicateHandle
GlobalGetAtomNameW
GetAtomNameW
GetFileSizeEx
GetUserDefaultLCID
ReplaceFileW
CompareStringA
GetLocaleInfoW
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetPrivateProfileIntW
GlobalFlags
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
LocalUnlock
LocalLock
FindResourceExW
GetNumberFormatW
SearchPathW
HeapSetInformation
RtlUnwind
DecodePointer
EncodePointer
HeapReAlloc
GetTimeFormatW
GetDateFormatW
VirtualAlloc
GetConsoleCP
GetConsoleMode
GetStringTypeW
GetCPInfo
HeapSize
SetStdHandle
GetFileType
HeapQueryInformation
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
HeapDestroy
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetOEMCP
IsValidCodePage
LCMapStringW
FatalAppExitA
GetTimeZoneInformation
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
WriteConsoleW
SetEnvironmentVariableA
FlushFileBuffers
GetFileAttributesA
FormatMessageA
GetSystemTimeAsFileTime
UnlockFileEx
LockFile
UnlockFile
InterlockedCompareExchange
QueryPerformanceCounter
CreateFileA
MoveFileExW
LocalAlloc
GetExitCodeThread
GetLongPathNameW
GetLogicalDriveStringsW
QueryDosDeviceW
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
GetPrivateProfileStringW
GetACP
SetEvent
ResetEvent
CreateEventW
GetShortPathNameW
LocalFlags
GetSystemTime
GetComputerNameA
TerminateThread
InterlockedIncrement
GetCommandLineW
CreateMutexA
ReleaseMutex
SetUnhandledExceptionFilter
lstrcmpiW
LoadLibraryExW
RaiseException
InitializeCriticalSectionAndSpinCount
GetWindowsDirectoryW
lstrcatW
GetDriveTypeW
FindNextFileW
CreatePipe
GetStartupInfoW
CreateProcessW
ReadFile
FormatMessageW
LocalFree
IsDBCSLeadByte
GetFullPathNameW
GetFullPathNameA
FindFirstFileW
GetFileInformationByHandle
GetFileAttributesW
SystemTimeToFileTime
GlobalReAlloc
GetLocalTime
GetSystemDirectoryW
FindClose
GetProfileStringW
WriteProfileStringW
GetProfileIntW
GetCurrentProcessId
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpyW
IsBadCodePtr
lstrcpynW
GlobalAlloc
GlobalUnlock
GlobalFree
GetCurrentThreadId
GetProcessHeap
HeapAlloc
HeapFree
GetVersionExW
GetVolumeInformationW
SetPriorityClass
DeviceIoControl
DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryW
SetThreadLocale
ExitThread
EnterCriticalSection
LeaveCriticalSection
WriteFile
CreateFileW
SetFilePointer
SetEndOfFile
SetFileAttributesW
IsBadReadPtr
WideCharToMultiByte
FreeResource
GlobalSize
GlobalLock
Sleep
GetTickCount
MulDiv
WinExec
GetModuleFileNameW
ExitProcess
GetCurrentProcess
SetProcessWorkingSetSize
CopyFileW
FreeLibrary
SetFileTime
InterlockedDecrement
GetTempPathW
GetTempFileNameW
lstrlenW
WaitForSingleObject
CloseHandle
CreateThread
SetThreadPriority
ResumeThread
MultiByteToWideChar
DeleteFileW
LoadResource
LockResource
SizeofResource
FindResourceW
GetModuleHandleW
LoadLibraryW
ActivateActCtx
GetProcAddress
GetLastError
DeactivateActCtx
SetLastError
GetVersion
GetCurrentDirectoryW
DeleteFileA
AreFileApisANSI
GetTempPathA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
LoadLibraryA
GetDiskFreeSpaceW
GetTimeFormatA
GetDateFormatA
WritePrivateProfileStringW

user32

SubtractRect
GetDoubleClickTime
CharUpperBuffW
SendNotifyMessageW
SetMenuDefaultItem
CreateMenu
MapVirtualKeyExW
IsCharLowerW
InSendMessage
MonitorFromPoint
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
DestroyAcceleratorTable
InvertRect
GetMenuDefaultItem
SetParent
GetNextDlgGroupItem
CopyAcceleratorTableW
SetLayeredWindowAttributes
UnregisterClassW
GetDialogBaseUnits
RealChildWindowFromPoint
UnpackDDElParam
ReuseDDElParam
GetMenuBarInfo
LoadAcceleratorsW
InsertMenuItemW
TranslateAcceleratorW
TranslateMDISysAccel
DrawMenuBar
DefFrameProcW
WaitMessage
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
NotifyWinEvent
ValidateRect
RemoveMenu
GetMenuStringW
ScrollWindowEx
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SendDlgItemMessageW
SendDlgItemMessageA
GetWindowTextLengthW
GetMessageTime
MonitorFromWindow
MapWindowPoints
ScrollWindow
GetClassInfoExW
SetWindowPlacement
GetWindowPlacement
MapVirtualKeyW
GetKeyNameTextW
SetActiveWindow
CreateDialogIndirectParamW
GetComboBoxInfo
MenuItemFromPoint
SetScrollRange
GetScrollRange
GetScrollPos
SetScrollPos
AnimateWindow
WindowFromDC
GetWindowLongA
GetWindowRgn
SetWindowTextW
GetDlgItem
UpdateLayeredWindow
SetMenu
GetScrollInfo
SetScrollInfo
EnableScrollBar
GetClassLongW
GetTopWindow
EnumChildWindows
GetUpdateRect
CharUpperW
CharLowerW
GetWindowInfo
IsWindowEnabled
CreateIconIndirect
EndPaint
GetLastActivePopup
DialogBoxIndirectParamW
BeginPaint
EndDialog
LoadStringW
WinHelpW
EnumDisplayMonitors
EnumClipboardFormats
GetKeyboardLayout
CountClipboardFormats
GetKeyboardLayoutList
GetMonitorInfoW
ExitWindowsEx
RegisterClassW
WaitForInputIdle
CallWindowProcA
GetAsyncKeyState
TrackMouseEvent
LockWindowUpdate
PostThreadMessageW
SetWindowRgn
ClipCursor
HideCaret
GetSysColorBrush
GetClassInfoW
DestroyWindow
RegisterClassExW
CreateWindowExW
DefWindowProcW
CallWindowProcW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetMenuItemRect
IsMenu
SetMenuItemInfoW
SetPropW
GetMenuItemInfoW
InsertMenuW
keybd_event
mouse_event
GetWindowDC
EnumThreadWindows
RemovePropW
SetClassLongW
FindWindowW
GetSystemMenu
CharNextW
CopyIcon
GetCursor
IsChild
AdjustWindowRectEx
UnionRect
DrawEdge
ChildWindowFromPoint
DrawFocusRect
GetMessagePos
DrawIconEx
SetWindowLongA
GetWindowRect
SendMessageW
InvalidateRect
GrayStringW
DrawTextExW
TabbedTextOutW
GetDlgCtrlID
DrawFrameControl
ScrollDC
DrawTextW
GetTabbedTextExtentW
GetMenuState
LoadImageW
DrawStateW
FrameRect
TrackPopupMenuEx
WindowFromPoint
GetActiveWindow
GetNextDlgTabItem
DestroyMenu
SetWindowPos
FillRect
InvalidateRgn
IsRectEmpty
EmptyClipboard
DrawIcon
DestroyCursor
ShowScrollBar
wsprintfA
PostQuitMessage
RedrawWindow
GetSysColor
OffsetRect
GetForegroundWindow
AttachThreadInput
CopyImage
GetCapture
SetCapture
UpdateWindow
GetDCEx
EqualRect
ReleaseCapture
SetRect
SetCursor
InflateRect
LoadCursorW
SetRectEmpty
RegisterClipboardFormatW
SetClipboardData
GetDC
ReleaseDC
CheckMenuItem
ModifyMenuW
TrackPopupMenu
GetMessageW
MoveWindow
SetFocus
GetLastInputInfo
GetClassNameW
GetWindowThreadProcessId
ShowWindow
EnumWindows
FindWindowExW
DestroyIcon
GetCursorPos
GetSubMenu
LoadMenuW
EnableWindow
LoadIconW
SetWindowLongW
GetWindowLongW
GetClientRect
SetTimer
SetForegroundWindow
BringWindowToTop
GetDesktopWindow
KillTimer
UnregisterHotKey
RegisterHotKey
IsWindowVisible
IsWindow
RegisterWindowMessageW
GetMenuItemID
GetMenuItemCount
GetMenu
AppendMenuW
DeleteMenu
EnableMenuItem
PostMessageW
LoadBitmapW
GetIconInfo
GetSystemMetrics
IsZoomed
GetKeyState
ScreenToClient
CopyRect
DispatchMessageW
TranslateMessage
PeekMessageW
SetCursorPos
GetParent
GetFocus
IsIconic
DefMDIChildProcW
FlashWindow
MessageBeep
GetPropW
SystemParametersInfoW
CreatePopupMenu
ClientToScreen
IntersectRect
GetWindow
GetClipboardData
IsClipboardFormatAvailable
CloseClipboard
OpenClipboard
PtInRect
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
MessageBoxW
wsprintfW
GetWindowTextW

gdi32

CreateSolidBrush
CreateFontW
SetTextColor
SetBkColor
GetBkColor
GetDIBColorTable
CreateHalftonePalette
GetClipBox
GetCurrentObject
GetTextColor
SetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
CreateRectRgnIndirect
Polygon
FrameRgn
CreatePolygonRgn
PtInRegion
Arc
SetDIBitsToDevice
StretchDIBits
CreateMetaFileW
CloseMetaFile
GetTextMetricsW
EndDoc
AbortDoc
SetAbortProc
EndPage
Escape
CombineRgn
SelectObject
SetPixelV
GetTextFaceW
GetTextAlign
GetStretchBltMode
GetROP2
CreateCompatibleBitmap
CreateRectRgn
GetPolyFillMode
GetBkMode
GetNearestColor
SetPaletteEntries
StretchBlt
BitBlt
CreateCompatibleDC
GetPixel
GetTextExtentPoint32W
CreateFontIndirectW
CreatePen
Rectangle
UnrealizeObject
PatBlt
CreateBitmap
CreatePatternBrush
CreatePalette
StartPage
Polyline
GetSystemPaletteEntries
GetNearestPaletteIndex
GetPaletteEntries
GetRgnBox
GetTextCharsetInfo
GetCharWidthW
GetMapMode
SetRectRgn
CreateHatchBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
CreateDIBitmap
DeleteObject
GetObjectW
Ellipse
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetBoundsRect
GetViewportOrgEx
DeleteDC
GetDeviceCaps
DeleteMetaFile
CreateDCW
ScaleWindowExtEx
OffsetWindowOrgEx
ScaleViewportExtEx
OffsetViewportOrgEx
StartDocW
SetColorAdjustment
SetArcDirection
SetLayout
GetLayout
SetMapperFlags
SetTextCharacterExtra
SetTextAlign
OffsetClipRgn
IntersectClipRect
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetPolyFillMode
CopyMetaFileW
GetTextExtentPointW
BeginPath
EndPath
SelectClipPath
LPtoDP
DPtoLP
GetViewportExtEx
GetWindowExtEx
SetROP2
OffsetRgn
GetBitmapDimensionEx
SetDIBColorTable
SetDIBits
ExcludeClipRect
SetMapMode
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
GetClipRgn
SelectClipRgn
SaveDC
ExtSelectClipRgn
RestoreDC
CreateDIBPatternBrushPt
SetBrushOrgEx
CreateDIBSection
SetTextJustification
SetBkMode
EnumFontFamiliesExW
EnumFontFamiliesW
CreateICW
ExtCreateRegion
GetDCOrgEx
FillRgn
MoveToEx
LineTo
CreateEllipticRgn
RoundRect
CreateRoundRectRgn
ExtFloodFill
PolyBezier
SetStretchBltMode
GetWindowOrgEx

msimg32

GradientFill
TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
GetJobW
DocumentPropertiesW

advapi32

RegFlushKey
RegCloseKey
RegOpenKeyExW
RegQueryValueW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegRestoreKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
IsTextUnicode
RegEnumKeyW
GetFileSecurityW
SetFileSecurityW
RegSetValueW
RegQueryValueExW
GetUserNameW
RegEnumValueW
GetUserNameA
RegSaveKeyW
OpenProcessToken

shell32

SHAppBarMessage
SHGetDesktopFolder
SHAddToRecentDocs
SHGetMalloc
CommandLineToArgvW
SHGetFolderPathW
ord680
SHGetSpecialFolderLocation
Shell_NotifyIconW
ExtractIconW
ShellExecuteExW
SHChangeNotify
SHGetSpecialFolderPathW
DragQueryFileW
DragFinish
SHFileOperationW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW

comctl32

_TrackMouseEvent
ImageList_Draw
ImageList_GetIcon
ImageList_GetIconSize
ord17
ImageList_AddMasked
ImageList_Create
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_DrawEx

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
OleRun
CoCreateInstance
CoCreateGuid
OleSetContainedObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleCreateFromFile
OleCreateLinkToFile
OleGetIconOfClass
CreateItemMoniker
CreateGenericComposite
OleRegEnumVerbs
OleQueryCreateFromData
OleQueryLinkFromData
OleIsRunning
GetRunningObjectTable
CoGetMalloc
CreateOleAdviseHolder
CreateDataAdviseHolder
OleSave
CoRegisterMessageFilter
OleSetMenuDescriptor
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
StgIsStorageFile
StgOpenStorage
CreateFileMoniker
StgCreateDocfile
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
WriteClassStm
StgOpenStorageOnILockBytes
CoGetClassObject
OleGetClipboard
DoDragDrop
GetHGlobalFromILockBytes
OleLoad
OleCreate
OleCreateLinkFromData
OleCreateFromData
OleSaveToStream
OleIsCurrentClipboard
OleSetClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleDraw
CoDisconnectObject
PropVariantCopy
CoTreatAsClass
CreateBindCtx
ReadClassStg
ReleaseStgMedium
OleDuplicateData
OleCreateStaticFromData
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
StringFromGUID2
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoInitializeEx
StringFromCLSID
CLSIDFromString
CLSIDFromProgID
ProgIDFromCLSID
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
OleRegGetMiscStatus
ReadFmtUserTypeStg
OleFlushClipboard

oleaut32

SetErrorInfo
CreateErrorInfo
SysStringLen
SafeArrayCreate
VariantChangeType
VarDateFromStr
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayUnlock
SafeArrayRedim
SafeArrayLock
SafeArrayGetVartype
SafeArrayCopy
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysReAllocStringLen
OleLoadPicture
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
OleCreateFontIndirect
SafeArrayCreateVector
RegisterTypeLi
VarUI4FromStr
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SystemTimeToVariantTime
VariantTimeToSystemTime
VarUdateFromDate
VariantCopy
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString
LoadRegTypeLi
UnRegisterTypeLi
VarCyFromStr
LoadTypeLi
SafeArrayPutElement
GetErrorInfo

oledlg

OleUIBusyW

gdiplus

GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipCreateFromHDC
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP

wininet

FtpCreateDirectoryW
HttpOpenRequestW
InternetOpenUrlW
GopherOpenFileW
InternetConnectW
FtpFindFirstFileW
GopherCreateLocatorW
FtpCommandW
FtpOpenFileW
GopherGetAttributeW
HttpSendRequestExW
HttpEndRequestW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
GopherFindFirstFileW
InternetCloseHandle
InternetFindNextFileW
HttpQueryInfoW
HttpAddRequestHeadersW
InternetErrorDlg
FtpGetFileW
FtpPutFileW
FtpGetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpRemoveDirectoryW
FtpRenameFileW
FtpDeleteFileW
InternetSetOptionExW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetGetCookieW
InternetSetCookieW
InternetQueryOptionW
InternetTimeFromSystemTimeW
DeleteUrlCacheEntryW
CreateUrlCacheEntryW
CommitUrlCacheEntryW
SetUrlCacheEntryInfoW
GetUrlCacheEntryInfoW
InternetQueryDataAvailable

netapi32

NetShareEnum

odbc32

ord154
ord31
ord30
ord49
ord48
ord43
ord29
ord9
ord140
ord13
ord18
ord141
ord167
ord111
ord20
ord59
ord108
ord139
ord24
ord170
ord166
ord165
ord147
ord153
ord119
ord156
ord16
ord4
ord136
ord160
ord75
ord12
ord72
ord107
ord176

dbghelp

SymSetOptions
SymFunctionTableAccess64
SymGetLineFromAddr64
SymInitialize
StackWalk64
SymFromAddr
SymGetModuleBase64

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueA

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
ImmIsIME

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

sensapi

IsNetworkAlive

Sections

.text
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[NSIS].nsi
uninst.exe
.exe windows:4 windows x86

12082e77cfc7e34f96f21f95764c8ac3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetShortPathNameA
GetFullPathNameA
MoveFileA
GetLastError
SetCurrentDirectoryA
GetFileAttributesA
SearchPathA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
CompareFileTime
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetCommandLineA
GetTempPathA
GetProcAddress
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
MulDiv
LoadLibraryExA
GetModuleHandleA

user32

GetWindowRect
EnableMenuItem
GetSystemMenu
ScreenToClient
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SystemParametersInfoA
RegisterClassA
EndDialog
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
SetTimer
OpenClipboard
SetWindowTextA
GetDC
LoadImageA
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
SetClipboardData
EmptyClipboard
DestroyWindow
ExitWindowsEx
SetForegroundWindow
PostQuitMessage
CreateDialogParamA

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

738dc9bb91549f627cf1953c2000e1d6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

0ddbc7ffccf920bda2ba718277436780

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 1024B - Virtual size: 518B

53b3f0b7f814f19b5fd1a267c9b44ec4

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

winmm

iphlpapi

ws2_32

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

oledlg

gdiplus

wininet

netapi32

odbc32

dbghelp

version

imm32

oleacc

sensapi

Sections

.text Size: 10.5MB - Virtual size: 10.5MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 114KB - Virtual size: 191KB

.rsrc Size: 5.2MB - Virtual size: 5.2MB

12082e77cfc7e34f96f21f95764c8ac3

Headers

DLL Characteristics

File Characteristics

Imports

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 518B

.text
Size: 10.5MB - Virtual size: 10.5MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 114KB - Virtual size: 191KB

.rsrc
Size: 5.2MB - Virtual size: 5.2MB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 113KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB