redline | Random file mystery pot Suprise[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Random file mystery pot Suprise.zip
Size

7.8MB
MD5

4304c66e786cd42c4bb09c6f6766fe49
SHA1

e48d47e5e689ef4dcb73e278b9b6be0407cf2147
SHA256

052e54df0b86483f84bbff6504e202c36e7bc25885e369e830dd7086fb7c7562
SHA512

711b5e410f283a64887e6e2857967a905a9ddc9762bf974b228c3ef951fa475bed3c0ea23fd4cdadfcac6e54e59cba9b5a87ab0d32401242d90024a174bf3812
SSDEEP

196608:NhViVR5xBwoRAmd60/n1pn5OOiS+WV7ytaNVW/0WDqC:N7idwO80fvLW0Wj

Score

10^/10

upx @esaymane redline zgrat pandastealer kutaki sectoprat

Malware Config

Extracted

Family

redline

Botnet

@esaymane

91.142.79.218:26878

Attributes

auth_value
78723e767811c55bea193f76621d6be1

Signatures

Detect ZGRat V1 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/1c133b9bb476879df8145370ce1069ec92f28cade85a839e0159158a3e1b1afd.exe	family_zgrat_v1

Kutaki Executable 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/41c9d28653704e628d8dd20e5f65a298242072156a31bc5fe0e24a1f4c640af5.exe	family_kutaki

Kutaki family
kutaki

Panda Stealer payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/30af8d3ec685a4a5669f1377bb74589772a0428d9daa214c179a795dcf4b9030.exe	family_pandastealer

Pandastealer family
pandastealer

RedLine payload 2 IoCs

Processes:

resource	yara_rule
static1/unpack001/1c133b9bb476879df8145370ce1069ec92f28cade85a839e0159158a3e1b1afd.exe	family_redline
static1/unpack001/677bea9e71aa3a56fe62a20580eb0786431a4789cb340a7294eb243054191c58.exe	family_redline

Redline family
redline

SectopRAT payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/677bea9e71aa3a56fe62a20580eb0786431a4789cb340a7294eb243054191c58.exe	family_sectoprat

Sectoprat family
sectoprat
Zgrat family
zgrat

CoreCCC Packer 1 IoCs

Detects CoreCCC packer used to load .NET malware.

Processes:

resource	yara_rule
static1/unpack001/f2923f695dc02132cea5c0241060dba9a35d317342675118f7b22288e78cee7d.exe	coreccc

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/0fd2b5dba8eb6762b397cf61bd9c2ff9de3eefc8eb8c4cbb1002d1b9c96fe5d1.exe	upx

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/076be2c09b944ec56381f42405728f7f657d2597b6e27191354568fb70170b29.exe
unpack001/0fd2b5dba8eb6762b397cf61bd9c2ff9de3eefc8eb8c4cbb1002d1b9c96fe5d1.exe
unpack001/131d6fb9204ceda508075afce9b9b65e429952674e914d224268deb319a0aab1.exe
unpack001/1c133b9bb476879df8145370ce1069ec92f28cade85a839e0159158a3e1b1afd.exe
unpack001/30af8d3ec685a4a5669f1377bb74589772a0428d9daa214c179a795dcf4b9030.exe
unpack001/41c9d28653704e628d8dd20e5f65a298242072156a31bc5fe0e24a1f4c640af5.exe
unpack001/630efa1e2dc642799b867363bb36d1953884480ac29942a1ab20243a8a9620ad.exe
unpack001/7afefba65e72f42925ba76fae9ea98286eff7d0d01dcccd07c6117384858b6bb.exe
unpack001/817c226e42f5c503325288fd8273bc03b326590f457e7a589eb34c2792d0a5db.exe
unpack001/a925fc1289573f01bb86482e38340f0fe431269aa7500d776713c71091c49142.exe
unpack001/b1c5fd5c0f6a2760eb638414d9bf9b7536b81f45edbd9d509dd085346c67a6ae.exe
unpack001/f58d2071a2fdaea27d814e788e002fe5da63843546f22c255eceade162323ce1.exe

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
static1/unpack001/b1c5fd5c0f6a2760eb638414d9bf9b7536b81f45edbd9d509dd085346c67a6ae.exe	nsis_installer_1
static1/unpack001/b1c5fd5c0f6a2760eb638414d9bf9b7536b81f45edbd9d509dd085346c67a6ae.exe	nsis_installer_2

Files

Random file mystery pot Suprise.zip
.zip
076be2c09b944ec56381f42405728f7f657d2597b6e27191354568fb70170b29.exe
.exe windows:4 windows x64 arch:x64

9bfd2dac39af50555ae9789117b36b66

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

strlen
malloc
memcpy
__argc
__argv
_environ
_XcptFilter
memset
__set_app_type
_controlfp
__getmainargs
exit

kernel32

Sleep
GetCurrentProcessId
OpenProcess
SetUnhandledExceptionFilter

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0fd2b5dba8eb6762b397cf61bd9c2ff9de3eefc8eb8c4cbb1002d1b9c96fe5d1.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 444KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 93KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
131d6fb9204ceda508075afce9b9b65e429952674e914d224268deb319a0aab1.exe
.exe windows:5 windows x86 arch:x86

0dd592f35b48076810a8314d458b6b4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
lstrlenA
GetLocaleInfoA
EndUpdateResourceW
GetQueuedCompletionStatus
GetCurrentProcess
SetEvent
BackupSeek
GetConsoleTitleA
ReadConsoleW
WriteFile
CreateActCtxW
InitializeCriticalSection
GetEnvironmentStrings
InitAtomTable
HeapDestroy
FindNextVolumeW
IsProcessorFeaturePresent
GetFileAttributesW
GetModuleFileNameW
DeactivateActCtx
InterlockedExchange
GetProcAddress
BeginUpdateResourceW
PrepareTape
GetProcessVersion
WriteConsoleA
LocalAlloc
RemoveDirectoryW
SetConsoleWindowInfo
GetModuleHandleA
VirtualProtect
SetProcessShutdownParameters
ReleaseMutex
GetCurrentProcessId
FindNextVolumeA
lstrcpyA
WriteConsoleW
ReadFile
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
Sleep
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
HeapCreate
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetFilePointer
GetModuleHandleW
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CloseHandle
CreateFileA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LoadLibraryW
SetEndOfFile
GetProcessHeap
CreateFileW

Exports

Exports

@GetFirstVice@8
@SetViceVariants@12

Sections

.text
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 39.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jel
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.macemew
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1c133b9bb476879df8145370ce1069ec92f28cade85a839e0159158a3e1b1afd.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
30af8d3ec685a4a5669f1377bb74589772a0428d9daa214c179a795dcf4b9030.exe
.exe windows:6 windows x86 arch:x86

d36bced6e7dcd17a451d812dbc954837

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
Sleep
GetTempPathA
GetLastError
GetFileAttributesA
CreateFileA
LoadLibraryA
GetVersionExA
DeleteFileA
DeleteFileW
CloseHandle
LoadLibraryW
UnlockFile
GetProcAddress
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetModuleFileNameA
SizeofResource
SetWaitableTimer
TlsSetValue
VerifyVersionInfoA
HeapFree
SetLastError
VirtualAlloc
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
InitializeCriticalSectionEx
CreateMutexA
WaitForSingleObject
ReleaseMutex
UnmapViewOfFile
GetModuleHandleA
OpenProcess
HeapSize
GetCurrentThreadId
PostQueuedCompletionStatus
CreateToolhelp32Snapshot
CreateEventW
GetFileInformationByHandle
CopyFileA
QueryFullProcessImageNameA
SetEvent
FileTimeToSystemTime
TerminateThread
TlsAlloc
LockResource
Process32Next
HeapReAlloc
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
QueueUserAPC
GetLocalTime
DecodePointer
HeapDestroy
GlobalLock
CreateFileMappingA
LocalFree
VerSetConditionMask
GetProcessHeap
SystemTimeToFileTime
SleepEx
TlsGetValue
TlsFree
MapViewOfFile
CreateIoCompletionPort
GlobalUnlock
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetTimeZoneInformation
GetFileSizeEx
GetFileAttributesW
CreateFileW
GetTempPathW
SetEndOfFile
GetFullPathNameA
SetFilePointer
LeaveCriticalSection
InitializeCriticalSection
LockFile
WriteFile
GetFullPathNameW
AreFileApisANSI
EnterCriticalSection
ReadFile
SetCurrentDirectoryA
GetConsoleMode
GetConsoleCP
LCMapStringW
CompareStringW
GetFileType
GetCPInfo
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleFileNameW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
VirtualQuery
VirtualProtect
GetSystemInfo
LoadLibraryExW
EncodePointer
RtlUnwind
OutputDebugStringW
SwitchToThread
FormatMessageW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetCurrentDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
RemoveDirectoryW
SetFilePointerEx
WriteConsoleW

user32

GetDC
GetSystemMetrics
OpenClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
GetDesktopWindow
ReleaseDC

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
GetObjectA
BitBlt

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegGetValueA

crypt32

CryptUnprotectData

bcrypt

BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptOpenAlgorithmProvider
BCryptDecrypt

shlwapi

PathFindExtensionA
PathFindExtensionW

gdiplus

GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipDisposeImage

ws2_32

setsockopt
WSASend
htons
select
htonl
getsockopt
connect
WSAStartup
WSASocketW
WSACleanup
WSAStringToAddressW
WSASetLastError
ntohl
ioctlsocket
closesocket
WSAGetLastError

Sections

.text
Size: 444KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
41c9d28653704e628d8dd20e5f65a298242072156a31bc5fe0e24a1f4c640af5.exe
.exe windows:4 windows x86 arch:x86

e449639e3d5aef200df08087c6240e5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
ord690
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaHresultCheck
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
ord696
__vbaEnd
__vbaPut3
__vbaFreeVarList
_adj_fdiv_m64
ord698
__vbaNextEachVar
__vbaFreeObjList
ord516
__vbaVarIndexLoadRef
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord626
ord519
__vbaForEachCollAd
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
ord553
ord660
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
ord662
__vbaLenVar
_adj_fdiv_m32
__vbaAryVar
ord667
__vbaAryDestruct
ord591
__vbaVarIndexLoadRefLock
__vbaLateMemSt
ord593
__vbaVarForInit
ord300
ord594
__vbaStrLike
ord595
__vbaObjSet
__vbaOnError
ord596
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord306
__vbaStrFixstr
ord520
ord309
__vbaRefVarAry
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaErase
ord631
__vbaVarCmpGt
__vbaVargVarMove
ord525
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
ord529
__vbaGet3
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaPutOwner4
ord560
__vbaI2I4
__vbaObjVar
DllFunctionCall
ord563
__vbaVarOr
ord670
__vbaVarLateMemSt
ord564
__vbaLbound
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
ord601
__vbaUI1I2
_CIsqrt
__vbaObjIs
__vbaVarAnd
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaUI1I4
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
__vbaPrintFile
ord713
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
ord607
__vbaI2Str
ord608
ord716
__vbaFPException
__vbaInStrVar
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaCheckType
__vbaDateVar
__vbaI2Var
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
ord570
ord648
__vbaVarLateMemCallLdRf
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaVarSetObj
__vbaI4Str
ord681
__vbaVarCmpLt
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord689
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
__vbaStrComp
__vbaStrToAnsi
__vbaVarDup
__vbaFreeVarg
__vbaCheckTypeVar
__vbaFpI4
ord616
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaLateMemCallLd
ord617
_CIatan
ord618
__vbaStrMove
__vbaCastObj
__vbaAryCopy
__vbaForEachVar
ord619
__vbaStrVarCopy
__vbaR8IntI4
_allmul
__vbaVarLateMemCallSt
__vbaLateIdSt
ord545
_CItan
__vbaNextEachCollAd
ord546
__vbaUI1Var
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 400KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5a0daa24b5748d81ba0bb78d7f2b50eb4c387ffe679c92c1462f7dec586adb1f.exe
630efa1e2dc642799b867363bb36d1953884480ac29942a1ab20243a8a9620ad.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
651bc82076659431e06327aeb3aacef2c30bf3cfd43ae4f9bc6b4222f15bb673.exe
.macho macos arch:x64
677bea9e71aa3a56fe62a20580eb0786431a4789cb340a7294eb243054191c58.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

47:6e:f5:f7:40:39:cc:aa:4f:95:c6:f4:65:2d:aa:fe
Certificate

Issuer

CN=Feeing,O=Pathos Sororise Inc.,C=NG,1.2.840.113549.1.9.1=#0c166d616e67696c79746f72736f40676d61696c2e636f6d

Not Before

30-09-2021 21:00

Not After

07-10-2031 21:00

Subject

CN=Feeing,O=Pathos Sororise Inc.,C=NG,1.2.840.113549.1.9.1=#0c166d616e67696c79746f72736f40676d61696c2e636f6d

05:05:82:f5:c5:23:36:5d:f1:1f:6e:39:2a:87:dd:19:42:b8:ee:1f
Signer

Actual PE Digest

05:05:82:f5:c5:23:36:5d:f1:1f:6e:39:2a:87:dd:19:42:b8:ee:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7afefba65e72f42925ba76fae9ea98286eff7d0d01dcccd07c6117384858b6bb.exe
.exe windows:5 windows x86 arch:x86

8199980e4fa11bb2eef21fa8f6072def

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNativeSystemInfo
WriteConsoleOutputCharacterW
lstrlenA
SetWaitableTimer
WaitForSingleObject
GetModuleHandleW
GetConsoleAliasesA
GetWindowsDirectoryA
GetGeoInfoW
SetCommState
CreateActCtxW
GlobalAlloc
LoadLibraryW
GetLocaleInfoW
GetSystemPowerStatus
GetCalendarInfoA
GetSystemWindowsDirectoryA
GetVolumePathNamesForVolumeNameW
HeapCompact
GetStringTypeExA
GetLastError
SetLastError
VirtualAlloc
ResetEvent
OpenEventA
VirtualLock
HeapLock
GetModuleFileNameA
GetModuleHandleA
lstrcatW
WriteConsoleOutputAttribute
DuplicateHandle
FindAtomW
GetSystemTime
LCMapStringW
CopyFileExA
SetDefaultCommConfigA
CreateMutexW
ReadFile
HeapReAlloc
CompareStringW
CompareStringA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetProcAddress
ExitProcess
SetConsoleCtrlHandler
WriteFile
GetStdHandle
HeapAlloc
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetCurrentThread
HeapSize
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
FreeLibrary
LoadLibraryA
SetEnvironmentVariableA

gdi32

GetCharWidthFloatA

advapi32

DeregisterEventSource

ole32

CoUninitialize

msimg32

TransparentBlt

Sections

.text
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 7.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.biro
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
817c226e42f5c503325288fd8273bc03b326590f457e7a589eb34c2792d0a5db.exe
.dll windows:5 windows x86 arch:x86

936c4bd8d850f5712905e253addfc71b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
GetActiveObject
SafeArrayCopy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayCreate
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExA
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExA
RegQueryValueExW
RegQueryValueW
RegQueryInfoKeyW
RegOpenKeyExA
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
OpenProcessToken
LookupAccountSidW
GetUserNameW
GetTokenInformation

user32

LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetSysColors
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetClassLongW
SetCaretPos
SetCaretBlinkTime
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
OemToCharBuffA
OemToCharA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericW
IsCharAlphaW
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgCtrlID
GetDialogBaseUnits
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongW
GetClassInfoW
GetCaretPos
GetCaretBlinkTime
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumDisplaySettingsW
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateCaret
CreateAcceleratorTableW
CountClipboardFormats
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CharLowerW
ChangeDisplaySettingsW
CallWindowProcW
CallNextHookEx
BeginPaint
CharLowerBuffA
CharUpperBuffA
CharToOemBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryW
MultiByteToWideChar
lstrlenW
lstrlenA
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCurrentDirectoryW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
lstrlenA
lstrlenW
lstrcpyW
WriteFile
WinExec
WideCharToMultiByte
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
VerLanguageNameW
UnmapViewOfFile
TryEnterCriticalSection
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
SwitchToThread
SuspendThread
SizeofResource
SignalObjectAndWait
SetVolumeLabelW
SetThreadPriority
SetThreadLocale
SetPriorityClass
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
SetCurrentDirectoryW
SetComputerNameW
ResumeThread
ResetEvent
RemoveDirectoryW
ReleaseMutex
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
OpenProcess
OpenMutexW
OpenFileMappingW
MultiByteToWideChar
MulDiv
MoveFileW
MapViewOfFile
LockResource
LocalFileTimeToFileTime
LoadResource
LoadLibraryW
LeaveCriticalSection
IsBadReadPtr
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalMemoryStatus
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetTempFileNameW
GetSystemPowerStatus
GetSystemInfo
GetSystemDirectoryW
GetStringTypeExA
GetStringTypeExW
GetStdHandle
GetProcAddress
GetOEMCP
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetComputerNameW
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FlushFileBuffers
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
ExitProcess
EnumCalendarInfoW
EnterCriticalSection
DosDateTimeToFileTime
DeleteFileW
DeleteCriticalSection
CreateThread
CreateMutexW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringA
CompareStringW
CloseHandle
Sleep
MulDiv
GetVersionExW
CreateMutexW

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixelFormat
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyPolyline
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestColor
GetMapMode
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreatePen
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEnhMetaFileW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CloseEnhMetaFile
Chord
ChoosePixelFormat
BitBlt
Arc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

CreateStreamOnHGlobal
OleRegEnumVerbs
IsAccelerator
OleDraw
OleSetMenuDescriptor
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
ProgIDFromCLSID
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID
IsEqualGUID
CoTaskMemFree
StringFromCLSID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

wsock32

WSACleanup
WSAStartup
gethostname
gethostbyname
send
inet_ntoa

Exports

Exports

Fp61OFl
H83H7ZMVqDeP
LiSO3WCJlm
NhXWtYm
UilYVXoJRDU2rmo
g1HUnmQl
lZJXKhKBxh
rOySsCTr9uJ3S
tYIUz7h2rnkn1sX

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 541KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 258B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a925fc1289573f01bb86482e38340f0fe431269aa7500d776713c71091c49142.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b1c5fd5c0f6a2760eb638414d9bf9b7536b81f45edbd9d509dd085346c67a6ae.exe
.exe windows:4 windows x86 arch:x86

ced282d9b261d1462772017fe2f6972b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegEnumValueA

shell32

SHGetFileInfoA
SHFileOperationA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA

ole32

IIDFromString
OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

SetClipboardData
CharPrevA
CallWindowProcA
PeekMessageA
DispatchMessageA
MessageBoxIndirectA
GetDlgItemTextA
SetDlgItemTextA
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
FillRect
EmptyClipboard
LoadCursorA
GetMessagePos
CheckDlgButton
GetSysColor
SetCursor
GetWindowLongA
SetClassLongA
SetWindowPos
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassA
ScreenToClient
EndDialog
GetClassInfoA
SystemParametersInfoA
CreateWindowExA
ExitWindowsEx
DialogBoxParamA
CharNextA
SetTimer
DestroyWindow
CreateDialogParamA
SetForegroundWindow
SetWindowTextA
PostQuitMessage
SendMessageTimeoutA
ShowWindow
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
GetDC
SetWindowLongA
LoadImageA
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageA
DefWindowProcA
DrawTextA
GetClientRect
EndPaint
IsWindowVisible
CloseClipboard
OpenClipboard

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetProcAddress
GetSystemDirectoryA
WideCharToMultiByte
MoveFileExA
ReadFile
GetTempFileNameA
WriteFile
RemoveDirectoryA
CreateProcessA
CreateFileA
GetLastError
CreateThread
CreateDirectoryA
GlobalUnlock
GetDiskFreeSpaceA
GlobalLock
SetErrorMode
GetVersion
lstrcpynA
GetCommandLineA
GetTempPathA
lstrlenA
SetEnvironmentVariableA
ExitProcess
GetWindowsDirectoryA
GetCurrentProcess
GetModuleFileNameA
CopyFileA
GetTickCount
Sleep
GetFileSize
GetFileAttributesA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetShortPathNameA
MoveFileA
CompareFileTime
SetFileTime
SearchPathA
lstrcmpiA
lstrcmpA
CloseHandle
GlobalFree
GlobalAlloc
ExpandEnvironmentStringsA
LoadLibraryExA
FreeLibrary
lstrcpyA
lstrcatA
FindClose
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFilePointer
GetModuleHandleA
FindNextFileA
FindFirstFileA
DeleteFileA
MulDiv

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
f2923f695dc02132cea5c0241060dba9a35d317342675118f7b22288e78cee7d.exe
.msi
f58d2071a2fdaea27d814e788e002fe5da63843546f22c255eceade162323ce1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

9bfd2dac39af50555ae9789117b36b66

Headers

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 5.4MB - Virtual size: 5.4MB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 512B - Virtual size: 156B

.rsrc Size: 1KB - Virtual size: 1KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 444KB

UPX1 Size: 93KB - Virtual size: 96KB

.rsrc Size: 117KB - Virtual size: 120KB

0dd592f35b48076810a8314d458b6b4b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 210KB - Virtual size: 210KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 9KB - Virtual size: 39.2MB

.jel Size: 1024B - Virtual size: 624B

.macemew Size: 512B - Virtual size: 23B

.rsrc Size: 59KB - Virtual size: 59KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 250KB - Virtual size: 249KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 512B - Virtual size: 12B

d36bced6e7dcd17a451d812dbc954837

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

crypt32

bcrypt

shlwapi

gdiplus

ws2_32

Sections

.text Size: 444KB - Virtual size: 444KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 5KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 16KB - Virtual size: 15KB

e449639e3d5aef200df08087c6240e5e

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 400KB - Virtual size: 398KB

.data Size: 4KB - Virtual size: 24KB

.rsrc Size: 72KB - Virtual size: 71KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 5.4MB - Virtual size: 5.4MB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 512B - Virtual size: 156B

.rsrc
Size: 1KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 444KB

UPX1
Size: 93KB - Virtual size: 96KB

.rsrc
Size: 117KB - Virtual size: 120KB

.text
Size: 210KB - Virtual size: 210KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 9KB - Virtual size: 39.2MB

.jel
Size: 1024B - Virtual size: 624B

.macemew
Size: 512B - Virtual size: 23B

.rsrc
Size: 59KB - Virtual size: 59KB

.text
Size: 250KB - Virtual size: 249KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 444KB - Virtual size: 444KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 400KB - Virtual size: 398KB

.data
Size: 4KB - Virtual size: 24KB

.rsrc
Size: 72KB - Virtual size: 71KB

.text
Size: 276KB - Virtual size: 275KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

47:6e:f5:f7:40:39:cc:aa:4f:95:c6:f4:65:2d:aa:fe
Certificate

05:05:82:f5:c5:23:36:5d:f1:1f:6e:39:2a:87:dd:19:42:b8:ee:1f
Signer

.text
Size: 107KB - Virtual size: 106KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 12B

.text
Size: 280KB - Virtual size: 280KB

.data
Size: 29KB - Virtual size: 7.4MB

.biro
Size: 512B - Virtual size: 1B

.rsrc
Size: 70KB - Virtual size: 69KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.itext
Size: 7KB - Virtual size: 6KB

.data
Size: 72KB - Virtual size: 72KB

.bss
Size: - Virtual size: 541KB

.idata
Size: 17KB - Virtual size: 17KB

.didata
Size: 1024B - Virtual size: 806B

.edata
Size: 512B - Virtual size: 258B

.reloc
Size: 169KB - Virtual size: 169KB

.rsrc
Size: 275KB - Virtual size: 275KB