27398749fb837d2398ff00d2c5b69242

Sharing

Copy URL Twitter E-mail

General

Target

27398749fb837d2398ff00d2c5b69242
Size

670KB
MD5

27398749fb837d2398ff00d2c5b69242
SHA1

41ef9eff7f7c33f98f9e2d151deb3a74582b348e
SHA256

4f429866af0cf8e3bfc2aa51da832bc7d537f5b49084e5c4af38475bdb25297d
SHA512

d0a40e8b682d5cf327a36bc448b374112876b3a1a16b12aac7dd26d9428319eb1d2eb77665005c54f7bd45980b4581d2988eb6e297c1acb0b1b089b86119c54f
SSDEEP

12288:eWInvFkpVSTa5TwDySx1VZDrPj0gUzWM2Y1Ku6CVW2BbTomWPZFiB51r0:eWIn3HDySzVZD7j0/zWM2GKu649omZBc

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/620F清零/Usp10.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/620F清零/Usp10.dll	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/620F清零/AdjProg cracked.exe
unpack001/620F清零/DataServiceLapper.dll
unpack001/620F清零/StrGene.dll
unpack001/620F清零/Usp10.dll
unpack002/out.upx
unpack001/620F清零/apdadrv.dll

Files

27398749fb837d2398ff00d2c5b69242
.rar
620F清零/AdjProg cracked.exe
.exe windows:4 windows x86 arch:x86

1081476a05f333603c2b67fe8ab9ba17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
gethostbyname
WSAStartup
WSACleanup

netapi32

Netbios

apdadrv

??1CApdadrv@@QAE@XZ
?ADSetRWTimeOut@CApdadrv@@QAEXU_COMMTIMEOUTS@@@Z
??0CApdadrv@@QAE@XZ
?ADPortOpen@CApdadrv@@QAEKPBD@Z
?ADPortClose@CApdadrv@@QAEHXZ
?ADInitDevice@CApdadrv@@QAEKXZ
?ADD4SendAndReceiveCtrlCh@CApdadrv@@QAEKPAEK0KAAK@Z
?ADD4ReceiveDataFromDataCh@CApdadrv@@QAEKPAEKAAK@Z
?ADD4SendDataToDataCh@CApdadrv@@QAEKPAEKAAK@Z
?ADGetDeviceID@CApdadrv@@QAEKPAEK@Z
?ioctl@CApdadrv@@QAEPAXW4apdadrvIoctl_t@@PAX@Z
?ADD4Termination@CApdadrv@@QAEKXZ
?ADD4Negotiation@CApdadrv@@QAEKXZ

strgene

?GetStrImage@@YAXPAEHPAY1BGI@DA@E@Z

kernel32

GetProcessVersion
GlobalFlags
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
GetCPInfo
GetOEMCP
GetFileSize
GetFileTime
SetErrorMode
RtlUnwind
RaiseException
GetTimeZoneInformation
FindResourceExA
GetLocalTime
ExitProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
GetACP
HeapSize
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
SizeofResource
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
MulDiv
SetLastError
SuspendThread
SetThreadPriority
InterlockedExchange
SetEvent
lstrcmpA
GetCurrentThread
InterlockedIncrement
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalLock
GlobalUnlock
VirtualProtect
FindResourceA
LoadResource
LockResource
CreateEventA
WaitForSingleObject
WritePrivateProfileStringA
GlobalAlloc
GlobalFree
SetFileAttributesA
FindFirstFileA
MoveFileA
FindNextFileA
FindClose
RemoveDirectoryA
CreateDirectoryA
GetFileAttributesA
DeleteFileA
ResumeThread
GetExitCodeThread
Sleep
GetWindowsDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
WideCharToMultiByte
GetVersionExA
CreateFileA
DeviceIoControl
GetLastError
CloseHandle
MultiByteToWideChar
InterlockedDecrement
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
GetModuleFileNameA
lstrlenA
GetProfileStringA
GetFileInformationByHandle
PeekNamedPipe
GetSystemTime

user32

SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
wvsprintfA
PostQuitMessage
SetCursor
GetCursorPos
ValidateRect
GetMessageA
ClientToScreen
GetWindowDC
TabbedTextOutA
DrawTextA
GrayStringA
LoadStringA
DestroyMenu
CharUpperA
GetSysColorBrush
GetClassNameA
PtInRect
InflateRect
GetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
AdjustWindowRectEx
ScreenToClient
CopyRect
IsWindowVisible
ScrollWindow
SetScrollInfo
GetScrollRange
GetScrollPos
GetTopWindow
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
CheckMenuItem
GetMenuItemID
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
GetKeyState
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
IsWindow
CreateDialogIndirectParamA
DestroyWindow
MapDialogRect
SetWindowPos
ShowWindow
GetCapture
GetActiveWindow
SetActiveWindow
GetAsyncKeyState
GetWindowLongA
GetFocus
SetFocus
GetDlgItem
IsWindowEnabled
KillTimer
SetTimer
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
UpdateWindow
LoadCursorA
CopyIcon
GetDlgCtrlID
GetDC
BeginPaint
EndPaint
ReleaseDC
InvalidateRect
GetWindowRect
GetClientRect
IsIconic
DrawIcon
GetSystemMetrics
GetSystemMenu
AppendMenuA
LoadIconA
RedrawWindow
EnableMenuItem
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
MessageBoxA
SetSystemCursor
PostMessageA
GetParent
SendMessageA
EnableWindow
GetSubMenu
IsWindowUnicode
CharNextA
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
GetWindow

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
SetMapMode
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
PatBlt
EnumFontFamiliesExA
GetStockObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateCompatibleDC
GetTextExtentPointA
BitBlt
CreateDIBitmap
SelectObject
SetStretchBltMode
StretchBlt
DeleteObject
CreateFontA
CreateSolidBrush
SetBkMode

comdlg32

GetOpenFileNameA
GetFileTitleA
GetSaveFileNameA

winspool.drv

EnumPortsA
DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA

comctl32

PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ord17
ImageList_Destroy

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance

oleaut32

SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
VariantClear
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 228KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
620F清零/DataServiceLapper.dll
.dll windows:4 windows x86 arch:x86

aefa8de13741749968a9c751f2c54989

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
FindResourceW
GetProcessHeap
SizeofResource
DeleteCriticalSection
LockResource
LoadResource
FindResourceExW
WideCharToMultiByte
GetLastError
lstrlenW
WaitForSingleObject
EnterCriticalSection
MultiByteToWideChar
HeapReAlloc
HeapAlloc
lstrlenA
HeapFree
LeaveCriticalSection
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
HeapDestroy
HeapSize
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
LoadLibraryA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
VirtualProtect
VirtualAlloc
GetProcAddress
GetModuleHandleA
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
VirtualFree
ExitProcess
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

UnregisterClassA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringLen
SysFreeString
VariantClear
VariantInit

ws2_32

WSAGetLastError
WSASetEvent
WSAEventSelect
WSAGetOverlappedResult
WSAConnect
WSACreateEvent
closesocket
WSACloseEvent
freeaddrinfo
WSASend
WSASetLastError
WSARecv
WSAResetEvent
WSASocketW
getaddrinfo
WSACleanup
WSAStartup
WSAEnumNetworkEvents

Exports

Exports

??0DataServiceLapper@@QAE@XZ
??1DataServiceLapper@@QAE@XZ
??4DataServiceLapper@@QAEAAV0@ABV0@@Z
?NickName@DataServiceLapper@@QAEHPAX@Z
?SetEEP2@DataServiceLapper@@QAEJPAX@Z
?SetEEP@DataServiceLapper@@QAEJPAX@Z

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
620F清零/EditText.dat
620F清零/StrGene.dll
.dll windows:4 windows x86 arch:x86

b12fa03ab655983db613c463bd66a916

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsFree
SetLastError
TlsGetValue
GetLastError
TlsAlloc
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
VirtualQuery

Exports

Exports

?GetStrImage@@YAXPAEHPAY1BGI@DA@E@Z

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
620F清零/Usp10.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AheadLib_LpkPresent
AheadLib_ScriptApplyDigitSubstitution
AheadLib_ScriptApplyLogicalWidth
AheadLib_ScriptBreak
AheadLib_ScriptCPtoX
AheadLib_ScriptCacheGetHeight
AheadLib_ScriptFreeCache
AheadLib_ScriptGetCMap
AheadLib_ScriptGetFontProperties
AheadLib_ScriptGetGlyphABCWidth
AheadLib_ScriptGetLogicalWidths
AheadLib_ScriptGetProperties
AheadLib_ScriptIsComplex
AheadLib_ScriptItemize
AheadLib_ScriptJustify
AheadLib_ScriptLayout
AheadLib_ScriptPlace
AheadLib_ScriptRecordDigitSubstitution
AheadLib_ScriptShape
AheadLib_ScriptStringAnalyse
AheadLib_ScriptStringCPtoX
AheadLib_ScriptStringFree
AheadLib_ScriptStringGetLogicalWidths
AheadLib_ScriptStringGetOrder
AheadLib_ScriptStringOut
AheadLib_ScriptStringValidate
AheadLib_ScriptStringXtoCP
AheadLib_ScriptString_pLogAttr
AheadLib_ScriptString_pSize
AheadLib_ScriptString_pcOutChars
AheadLib_ScriptTextOut
AheadLib_ScriptXtoCP
AheadLib_UspAllocCache
AheadLib_UspAllocTemp
AheadLib_UspFreeMem
LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkPresent
LpkTabbedTextOut
LpkUseGDIWidthCache
MemCode_LpkDllInitialize
MemCode_LpkDrawTextEx
MemCode_LpkEditControl
MemCode_LpkExtTextOut
MemCode_LpkGetCharacterPlacement
MemCode_LpkGetTextExtentExPoint
MemCode_LpkInitialize
MemCode_LpkPSMTextOut
MemCode_LpkTabbedTextOut
MemCode_LpkUseGDIWidthCache
MemCode_ftsWordBreak
ScriptApplyDigitSubstitution
ScriptApplyLogicalWidth
ScriptBreak
ScriptCPtoX
ScriptCacheGetHeight
ScriptFreeCache
ScriptGetCMap
ScriptGetFontProperties
ScriptGetGlyphABCWidth
ScriptGetLogicalWidths
ScriptGetProperties
ScriptIsComplex
ScriptItemize
ScriptJustify
ScriptLayout
ScriptPlace
ScriptRecordDigitSubstitution
ScriptShape
ScriptStringAnalyse
ScriptStringCPtoX
ScriptStringFree
ScriptStringGetLogicalWidths
ScriptStringGetOrder
ScriptStringOut
ScriptStringValidate
ScriptStringXtoCP
ScriptString_pLogAttr
ScriptString_pSize
ScriptString_pcOutChars
ScriptTextOut
ScriptXtoCP
UspAllocCache
UspAllocTemp
UspFreeMem
ftsWordBreak

Sections

UPX0
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
620F清零/apdadrv.dll
.dll windows:4 windows x86 arch:x86

b1bf50502811f4348363b4fe821b7e03

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryDosDeviceA
lstrcmpiA
lstrlenA
CloseHandle
WriteFile
DefineDosDeviceA
Sleep
ReadFile
DeviceIoControl
GetVersionExA
CreateFileA
ClearCommError
SetCommTimeouts
FlushFileBuffers
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
GetCommandLineA
GetVersion
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
GetStringTypeA
GetStringTypeW
SetStdHandle
LCMapStringA
LCMapStringW

advapi32

RegCloseKey
RegQueryValueExA

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInterfaceRegKey

Exports

Exports

??0CApdadrv@@QAE@XZ
??1CApdadrv@@QAE@XZ
??4CApdadrv@@QAEAAV0@ABV0@@Z
?ADD4Negotiation@CApdadrv@@QAEKXZ
?ADD4ReceiveDataFromDataCh@CApdadrv@@QAEKPAEKAAK@Z
?ADD4SendAndReceiveCtrlCh@CApdadrv@@QAEKPAEK0KAAK@Z
?ADD4SendDataToDataCh@CApdadrv@@QAEKPAEKAAK@Z
?ADD4SetCommPacketSize@CApdadrv@@QAEXGGGG@Z
?ADD4Termination@CApdadrv@@QAEKXZ
?ADD4Termination_v@CApdadrv@@QAEKXZ
?ADGetDeviceID@CApdadrv@@QAEKPAEK@Z
?ADInitDevice@CApdadrv@@QAEKXZ
?ADPortClose@CApdadrv@@QAEHXZ
?ADPortOpen@CApdadrv@@QAEKPBD@Z
?ADReceive@CApdadrv@@QAEKPAEKAAK@Z
?ADSend@CApdadrv@@QAEKPAEKAAK@Z
?ADSetRWTimeOut@CApdadrv@@QAEXU_COMMTIMEOUTS@@@Z
?ADSetReceiveType@CApdadrv@@QAEXK@Z
?ioctl@CApdadrv@@QAEPAXW4apdadrvIoctl_t@@PAX@Z

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1081476a05f333603c2b67fe8ab9ba17

Headers

File Characteristics

Imports

ws2_32

netapi32

apdadrv

strgene

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 188KB - Virtual size: 185KB

.data Size: 228KB - Virtual size: 319KB

.rsrc Size: 84KB - Virtual size: 81KB

aefa8de13741749968a9c751f2c54989

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

ws2_32

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 12KB - Virtual size: 10KB

b12fa03ab655983db613c463bd66a916

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 136KB

UPX1 Size: 79KB - Virtual size: 80KB

.rsrc Size: 8KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 130KB - Virtual size: 130KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 4KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 9KB - Virtual size: 8KB

b1bf50502811f4348363b4fe821b7e03

Headers

File Characteristics

Imports

kernel32

advapi32

setupapi

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 188KB - Virtual size: 185KB

.data
Size: 228KB - Virtual size: 319KB

.rsrc
Size: 84KB - Virtual size: 81KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 136KB

UPX1
Size: 79KB - Virtual size: 80KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 130KB - Virtual size: 130KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 4KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 17KB

.reloc
Size: 8KB - Virtual size: 4KB