1e443a5aa0bccbe4c5a865aade600ab3

Sharing

Copy URL Twitter E-mail

General

Target

1e443a5aa0bccbe4c5a865aade600ab3
Size

4.1MB
MD5

1e443a5aa0bccbe4c5a865aade600ab3
SHA1

546d729982575693da29b3b64d9476689bb4e8df
SHA256

48f4faf75f4cf6aa44f3c69b55e70863ec2af7c7dad574e767819185447b6484
SHA512

c3d042114eeb357df472abdabd489d8cfc4747e21cfa6d195b72fb0d38186f285d74892a59773312bc92ea32eeca521dc5f9e8a2df9da53dd8177761df9a963f
SSDEEP

98304:icxDAuK1AdvcWvOb9jz4zISh9Hb4wbxAMm5SIV5uJI0YMc:nxEuG8vcWGBjPPXS2uJI/n

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ProcNetMonitor/Portable Version/ProcNetMonitor.exe
unpack001/ProcNetMonitor/Setup_ProcNetMonitor.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/ProcNetMonitor/Setup_ProcNetMonitor.exe	nsis_installer_1
static1/unpack001/ProcNetMonitor/Setup_ProcNetMonitor.exe	nsis_installer_2

Files

1e443a5aa0bccbe4c5a865aade600ab3
.zip
ProcNetMonitor/License/SecurityXploded_License.rtf
.rtf
ProcNetMonitor/Portable Version/ProcNetMonitor.exe
.exe windows:5 windows x86 arch:x86

6e5bd4913a09443c17f6fd5b04da2cbe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleW
SetFilePointerEx
GetEnvironmentStringsW
WriteConsoleW
OutputDebugStringW
CreateFileW
SetEnvironmentVariableA
QueryPerformanceCounter
GetStdHandle
GetProcessHeap
GetConsoleMode
GetConsoleCP
GetStringTypeW
IsValidCodePage
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapQueryInformation
HeapSize
AreFileApisANSI
GetModuleHandleExW
LockResource
ExitThread
CreateThread
HeapReAlloc
VirtualQuery
VirtualAlloc
GetSystemInfo
RaiseException
GetCommandLineA
RtlUnwind
HeapAlloc
HeapFree
IsProcessorFeaturePresent
IsDebuggerPresent
GetTimeZoneInformation
FindResourceExW
VirtualProtect
SearchPathA
GetProfileIntA
GetTickCount
GetTempFileNameA
VerifyVersionInfoA
VerSetConditionMask
lstrcpyA
GetFileTime
SetErrorMode
GetVolumeInformationA
lstrcmpiA
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
DeleteFileA
GetCurrentDirectoryA
GetACP
GetCPInfo
GetOEMCP
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
FreeEnvironmentStringsW
InterlockedIncrement
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetCurrentProcessId
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
GetModuleFileNameA
GetCurrentThread
InterlockedExchange
ResumeThread
SuspendThread
SetThreadPriority
CreateEventA
SetEvent
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
FreeResource
GetSystemDirectoryW
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DecodePointer
EncodePointer
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
GetVersion
OutputDebugStringA
GetFileAttributesW
InterlockedDecrement
CopyFileA
FormatMessageA
MulDiv
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
SetLastError
ProcessIdToSessionId
GetSystemWindowsDirectoryA
Sleep
TerminateProcess
ExitProcess
OpenProcess
MultiByteToWideChar
LoadLibraryA
lstrcpynA
FreeLibrary
WideCharToMultiByte
GetVersionExA
GetFileAttributesExA
GetFileAttributesA
CreateFileA
QueryDosDeviceA
CreateDirectoryA
GetWindowsDirectoryA
GetTempPathA
FindResourceW
FindResourceA
CreateProcessA
GetModuleHandleA
GetLogicalDriveStringsA
FileTimeToSystemTime
FileTimeToLocalFileTime
CloseHandle
ReadFile
WriteFile
GetFileSizeEx
SizeofResource
LoadResource
WaitForSingleObject
GetLastError
GetCurrentProcess
GetProcAddress
LCMapStringW

user32

ToAsciiEx
GetKeyboardState
LockWindowUpdate
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
PostThreadMessageA
IsZoomed
GetComboBoxInfo
TrackMouseEvent
MonitorFromPoint
UpdateLayeredWindow
IsMenu
SetWindowRgn
LoadImageW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
SetParent
UnionRect
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
MessageBeep
DrawIconEx
IsRectEmpty
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
BringWindowToTop
GetMenuDefaultItem
CreatePopupMenu
LoadCursorW
WaitMessage
CharUpperA
KillTimer
SetTimer
DeleteMenu
RealChildWindowFromPoint
UnregisterClassA
GetSysColorBrush
GetWindowThreadProcessId
ShowOwnedPopups
PostQuitMessage
TranslateMessage
GetMessageA
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
SystemParametersInfoA
GetMenuItemInfoA
DestroyMenu
IntersectRect
IsDialogMessageA
SetWindowTextA
IsWindowEnabled
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
LoadAcceleratorsW
CallNextHookEx
DestroyCursor
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
EqualRect
MapWindowPoints
MessageBoxA
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetFocus
FillRect
ScreenToClient
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
ReleaseDC
GetDC
MapVirtualKeyA
GetKeyNameTextA
IsWindow
UnhookWindowsHookEx
RemoveMenu
InsertMenuA
GetMenuItemCount
CreateAcceleratorTableA
DestroyAcceleratorTable
CopyAcceleratorTableA
SetCursorPos
SetClassLongA
GetDoubleClickTime
SetMenuDefaultItem
ModifyMenuA
RegisterClipboardFormatA
CharUpperBuffA
FrameRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
GetMenuItemID
GetMenuState
GetMenuStringA
GetIconInfo
GetWindowLongA
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SetScrollInfo
GetWindowRgn
OffsetRect
SetRectEmpty
WindowFromPoint
ClientToScreen
GetCapture
MapDialogRect
CreateMenu
SetWindowsHookExA
SubtractRect
GetNextDlgGroupItem
PostMessageA
DrawEdge
CopyImage
InflateRect
CopyRect
DrawFocusRect
DrawStateA
DrawFrameControl
LoadCursorA
GetParent
SetWindowLongA
PtInRect
SetCursor
ReleaseCapture
SetCapture
LoadIconW
LoadIconA
GetCursorPos
GetWindowRect
RedrawWindow
UpdateWindow
DrawIcon
AppendMenuA
GetSubMenu
EnableMenuItem
GetSystemMenu
LoadMenuW
GetSystemMetrics
GetActiveWindow
IsIconic
SetRect
GetClientRect
InvalidateRect
DrawTextA
LoadImageA
EnableWindow
SendMessageA
CopyIcon
DestroyIcon
GetSysColor
GetDesktopWindow

gdi32

ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
SetRectRgn
DPtoLP
GetTextMetricsA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
EnumFontFamiliesExA
GetRgnBox
OffsetRgn
CreateRoundRectRgn
RoundRect
OffsetWindowOrgEx
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceA
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
SelectPalette
ExtTextOutA
TextOutA
MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
RectVisible
PtVisible
FrameRgn
DeleteObject
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
CreateBitmap
PatBlt
CreateRectRgnIndirect
GetDeviceCaps
CreateDCA
CopyMetaFileA
SetStretchBltMode
SetDIBitsToDevice
Rectangle
GetTextExtentPoint32A
CreatePen
GetObjectA
CreateFontIndirectA
GetStockObject
CreateSolidBrush
CreateFontA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetTextColor
SetBkMode
SelectObject
SetBkColor

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

CryptHashData
GetTokenInformation
AdjustTokenPrivileges
LookupAccountSidA
LookupPrivilegeValueA
RegCloseKey
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
CryptDestroyHash
OpenProcessToken
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA

shell32

ShellExecuteExA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHAppBarMessage
SHBrowseForFolderA
ShellExecuteA
DragFinish
DragQueryFileA
SHGetDesktopFolder

comctl32

ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_Draw

shlwapi

PathFindExtensionA
PathFindFileNameA
PathRemoveExtensionA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA

uxtheme

GetWindowTheme
DrawThemeText
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetThemePartSize
GetCurrentThemeName
GetThemeColor
CloseThemeData
OpenThemeData
DrawThemeParentBackground
GetThemeSysColor

ole32

CoTaskMemFree
CoTaskMemAlloc
OleDuplicateData
ReleaseStgMedium
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitialize
CoInitializeEx
RevokeDragDrop
CreateStreamOnHGlobal
DoDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop

oleaut32

SysFreeString
SysAllocString
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen

psapi

EnumProcesses
GetModuleBaseNameA
GetModuleFileNameExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winhttp

WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect
WinHttpOpen
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse

ws2_32

htons
inet_ntoa
ntohs
gethostname
WSAStartup
WSAGetLastError
getaddrinfo
getnameinfo
inet_addr

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipGetImageWidth
GdipDrawImageRectI

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProcNetMonitor/Readme.html
.html
ProcNetMonitor/Setup_ProcNetMonitor.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e5bd4913a09443c17f6fd5b04da2cbe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

psapi

version

winhttp

ws2_32

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 305KB - Virtual size: 305KB

.data Size: 23KB - Virtual size: 261KB

.rsrc Size: 2.1MB - Virtual size: 2.1MB

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 174KB - Virtual size: 174KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 305KB - Virtual size: 305KB

.data
Size: 23KB - Virtual size: 261KB

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 174KB - Virtual size: 174KB