Static task
static1
Behavioral task
behavioral1
Sample
App/DontSleep/DontSleep_p.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
App/DontSleep/DontSleep_p.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
App/DontSleep/DontSleep_x64_p.exe
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
App/DontSleep/DontSleep_x64_p.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
DontSleepPortable.exe
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
DontSleepPortable.exe
Resource
win10v2004-20231215-en
General
-
Target
202a78bfc3be8e9f1bf28e95e073df49f171165890ae24565b51f9348d510f14
-
Size
761KB
-
MD5
8c8ac7a88bd632ac3e7c1178595683a3
-
SHA1
947ad18c99d9ff0a0782ee217d1b3bae0546762e
-
SHA256
202a78bfc3be8e9f1bf28e95e073df49f171165890ae24565b51f9348d510f14
-
SHA512
6bda85a217918b8e7e346907c060f0661537a1973043fbaf20a0cea9c4f35eb4e61b6d7d6fc9a828f1ad8b7a37057b7102e3e7d085911c1fc69967fc4e491d97
-
SSDEEP
12288:FOMoJRog+E41Fs+Rue7EHOYJr09ErnWSIyWHOwPQwTha+HXhLC7tiUCUH5l1X3OU:FOlu9t1Fs+RJIHOYOCrnUDHOwNTEGXlQ
Malware Config
Signatures
-
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource
unpack001/App/DontSleep/DontSleep_p.exe
unpack001/App/DontSleep/DontSleep_x64_p.exe
unpack001/DontSleepPortable.exe
-
NSIS installer 1 IoCs
resource
static1/unpack001/DontSleepPortable.exe
yara_rule
nsis_installer_2
Files
-
202a78bfc3be8e9f1bf28e95e073df49f171165890ae24565b51f9348d510f14.zip
-
App/AppInfo/appicon.ico
-
App/AppInfo/appicon_128.png.png
-
App/AppInfo/appicon_16.png.png
-
App/AppInfo/appicon_32.png.png
-
App/AppInfo/appinfo.ini
-
App/DontSleep/DontSleep_p.exe
.exe windows:4 windows x86 arch:x86
99da8f5f2d935576bcb428dcf6194388
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42u
msvcrt
_exit
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_controlfp
_memicmp
__CxxFrameHandler
clock
_ftol
_CIfmod
time
_wtoi
wcsrchr
free
sprintf
malloc
fclose
fwrite
_wfopen
wcscmp
wcscat
wcsstr
realloc
_except_handler3
_wcsicmp
_errno
_beginthreadex
fread
strftime
localtime
wcslen
_CxxThrowException
memset
memcpy
sin
cos
exit
putc
getc
kernel32
GetTempPathW
DeleteFileW
CreateFileW
WriteFile
CloseHandle
CopyFileW
WideCharToMultiByte
GetModuleFileNameW
lstrcpynW
SetProcessShutdownParameters
lstrcmpiW
lstrcmpW
GetProcAddress
SetThreadExecutionState
GetTickCount
GetModuleHandleA
lstrlenW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetTimeZoneInformation
LockResource
LoadResource
FindResourceW
GetEnvironmentVariableW
lstrlenA
OutputDebugStringW
CreateThread
GetStartupInfoW
lstrcatW
GetModuleHandleW
GetVersionExW
lstrcpyW
InterlockedDecrement
CreateMutexW
GetLocalTime
GetUserDefaultLangID
LoadLibraryW
GetCurrentProcess
GetSystemDirectoryW
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
WaitForSingleObject
ResetEvent
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
Sleep
TerminateThread
SetEvent
WaitForMultipleObjects
GetCurrentThreadId
LocalFree
GetNumberFormatW
GetLocaleInfoW
SetSystemPowerState
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FreeLibrary
GetFileAttributesW
OutputDebugStringA
GetLastError
CreateDirectoryW
user32
SetWindowLongW
GetWindowLongW
CallWindowProcW
DestroyMenu
GetMessagePos
TrackPopupMenuEx
MapWindowPoints
FillRect
LoadBitmapW
GetWindow
GetDlgCtrlID
IsIconic
DrawIcon
GetWindowTextW
SendDlgItemMessageW
ScreenToClient
ExitWindowsEx
GetKeyboardState
GetParent
CallNextHookEx
GetKeyState
UnhookWindowsHookEx
SetWindowsHookExW
ClientToScreen
RedrawWindow
SetForegroundWindow
SetActiveWindow
GetMenu
GetMenuItemCount
DeleteMenu
GetForegroundWindow
EnableMenuItem
SetWindowPos
PostMessageW
InsertMenuW
IsWindowVisible
GetSystemMenu
SetMenu
GetIconInfo
CreateIconIndirect
GetSubMenu
DrawAnimatedRects
FindWindowExW
DestroyIcon
FrameRect
SetMenuItemInfoW
DrawEdge
CopyRect
OffsetRect
SystemParametersInfoW
TranslateAcceleratorW
RegisterWindowMessageW
LoadAcceleratorsW
EnumWindows
CreateWindowExW
keybd_event
SendMessageW
GetSysColorBrush
GetMenuItemInfoW
DrawTextW
GetDC
GetSysColor
ReleaseDC
IsWindow
SetTimer
KillTimer
EnableWindow
LoadImageW
SendMessageTimeoutW
GetActiveWindow
MessageBoxW
GetClientRect
PostQuitMessage
LoadIconW
SetDlgItemTextW
CreatePopupMenu
GetWindowRect
AppendMenuW
TrackPopupMenu
CheckMenuItem
GetAsyncKeyState
GetCursorPos
ShowWindow
SetWindowTextW
GetDlgItem
wsprintfW
GetSystemMetrics
gdi32
SetGraphicsMode
SetWorldTransform
StretchBlt
GetPixel
SetTextColor
GetCurrentObject
SetPixel
CreateBitmap
CreatePatternBrush
SetBkColor
ExtTextOutW
SetBkMode
CreateCompatibleDC
CreateSolidBrush
DeleteDC
GetStockObject
DeleteObject
SelectObject
GetObjectW
CreateFontIndirectW
CreateCompatibleBitmap
comdlg32
GetOpenFileNameW
advapi32
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegOpenKeyW
RegSetValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
shell32
SHAppBarMessage
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ExtractIconExW
ShellExecuteExW
ShellExecuteW
comctl32
ImageList_Create
ImageList_ReplaceIcon
ImageList_Draw
ole32
CoInitialize
oleaut32
SysAllocString
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
VariantClear
winmm
joyGetNumDevs
joyGetPos
joyGetPosEx
msvcp60
ws2_32
WSACleanup
WSAAccept
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
listen
bind
WSAGetLastError
WSACloseEvent
WSAStartup
htons
WSASend
WSARecv
inet_addr
htonl
closesocket
WSASocketW
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 84KB - Virtual size: 175KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 64KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
App/DontSleep/DontSleep_x64_p.exe
.exe windows:4 windows x64 arch:x64
e37f7504a4df46da2f29f005887361b6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mfc42u
msvcrt
clock
_wtoi
fmod
memcpy
memset
memcmp
time
wcsstr
malloc
free
fclose
fwrite
_wfopen
wcsrchr
sprintf
realloc
_wcsicmp
_errno
_beginthreadex
fread
strftime
localtime
_CxxThrowException
cosf
sinf
exit
putc
getc
__C_specific_handler
_XcptFilter
_c_exit
_cexit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
_memicmp
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__CxxFrameHandler
_exit
kernel32
GetLocalTime
lstrcpyW
GetVersionExW
QueryPerformanceCounter
GetModuleHandleW
DeleteFileW
GetTempPathW
CreateFileW
WriteFile
CloseHandle
GetModuleFileNameW
CopyFileW
RaiseException
WideCharToMultiByte
lstrlenW
lstrcatW
SetProcessShutdownParameters
SetThreadExecutionState
CreateMutexW
lstrcpynW
GetProcAddress
lstrcmpiW
lstrcmpW
GetModuleHandleA
OutputDebugStringA
LockResource
LoadResource
FindResourceW
GetEnvironmentVariableW
lstrlenA
CreateThread
OutputDebugStringW
GetStartupInfoW
GetLastError
GetUserDefaultLangID
LoadLibraryW
GetSystemDirectoryW
GetCurrentProcess
LeaveCriticalSection
DeleteCriticalSection
Sleep
TerminateThread
WaitForMultipleObjects
SetEvent
WaitForSingleObject
GetCurrentThreadId
ResetEvent
CreateEventW
InitializeCriticalSection
LocalFree
GetNumberFormatW
GetLocaleInfoW
SetSystemPowerState
FileTimeToSystemTime
SystemTimeToFileTime
FreeLibrary
LocalFileTimeToFileTime
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetFileAttributesW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetTimeZoneInformation
GetTickCount
EnterCriticalSection
CreateDirectoryW
user32
AppendMenuW
CreatePopupMenu
SetWindowTextW
GetCursorPos
SetDlgItemTextW
LoadIconW
PostQuitMessage
SendMessageTimeoutW
EnumWindows
GetClientRect
MessageBoxW
GetActiveWindow
TranslateAcceleratorW
LoadAcceleratorsW
RegisterWindowMessageW
SystemParametersInfoW
IsWindowVisible
InsertMenuW
SetWindowPos
PostMessageW
SetMenu
GetSystemMenu
RedrawWindow
EnableMenuItem
DeleteMenu
GetMenuItemCount
GetMenu
SetActiveWindow
SetForegroundWindow
ClientToScreen
GetForegroundWindow
UnhookWindowsHookEx
GetKeyState
GetParent
GetKeyboardState
SetTimer
SetWindowsHookExW
ExitWindowsEx
TrackPopupMenu
SendDlgItemMessageW
GetWindowTextW
DrawIcon
IsIconic
GetDlgCtrlID
GetWindow
keybd_event
IsWindow
CreateWindowExW
ReleaseDC
GetSysColor
GetDC
DestroyIcon
FindWindowExW
DrawAnimatedRects
GetSubMenu
CreateIconIndirect
GetIconInfo
CallWindowProcW
GetMessagePos
SetWindowLongPtrW
GetWindowLongPtrW
GetMenuItemInfoW
DestroyMenu
TrackPopupMenuEx
MapWindowPoints
DrawTextW
SetMenuItemInfoW
CopyRect
GetSysColorBrush
FrameRect
OffsetRect
DrawEdge
LoadBitmapW
FillRect
CheckMenuItem
ShowWindow
GetWindowRect
GetAsyncKeyState
wsprintfW
GetDlgItem
GetSystemMetrics
LoadImageW
SendMessageW
EnableWindow
ScreenToClient
KillTimer
CallNextHookEx
gdi32
SetGraphicsMode
SetWorldTransform
StretchBlt
SetBkMode
SetTextColor
GetCurrentObject
CreatePatternBrush
SetBkColor
ExtTextOutW
CreateBitmap
GetPixel
SetPixel
CreateCompatibleDC
DeleteDC
GetStockObject
CreateSolidBrush
DeleteObject
SelectObject
CreateFontIndirectW
GetObjectW
CreateCompatibleBitmap
comdlg32
GetOpenFileNameW
advapi32
OpenProcessToken
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
shell32
ShellExecuteW
ShellExecuteExW
ExtractIconExW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHAppBarMessage
comctl32
ImageList_Create
ImageList_ReplaceIcon
ImageList_Draw
ole32
CoInitialize
oleaut32
SysFreeString
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantInit
SysAllocString
winmm
joyGetPosEx
joyGetNumDevs
joyGetPos
msvcp60
ws2_32
WSAStartup
WSASocketW
bind
listen
WSAAccept
WSACreateEvent
WSAGetLastError
htons
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSARecv
WSASend
WSACloseEvent
closesocket
inet_addr
htonl
WSAEventSelect
WSACleanup
Sections
.text Size: 176KB - Virtual size: 176KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 78KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 73KB - Virtual size: 240KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Data/settings/DontSleep.ini
-
Data/settings/DontSleepPortableSettings.ini
-
DontSleepPortable.exe
.exe windows:5 windows x86 arch:x86
039d1617d5f0788dacbd04b35a141ebe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
CompareFileTime
lstrlenA
lstrcpynA
lstrlenW
lstrcpynW
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryA
CreateProcessA
GetTempFileNameA
lstrcatA
GetProcAddress
OpenProcess
lstrcpyA
GetVersionExA
GetSystemDirectoryA
GetVersion
RemoveDirectoryA
SetFileTime
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleA
LoadLibraryExA
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
WideCharToMultiByte
user32
ScreenToClient
GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
CheckDlgButton
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharUpperA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
LoadCursorA
SetCursor
GetWindowLongA
GetSysColor
CharNextA
DialogBoxParamA
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
FindWindowExA
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegEnumKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumValueA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 167KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 500KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 358KB - Virtual size: 358KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ