520d178a56f8b8efa8e7e830c2705aa0

Sharing

Copy URL Twitter E-mail

General

Target

520d178a56f8b8efa8e7e830c2705aa0
Size

391KB
MD5

520d178a56f8b8efa8e7e830c2705aa0
SHA1

7e9c704aeedd741e96779ea7196ad9f95a3447c8
SHA256

24a196f0256c8264975b8660938f350defc3cfa8e8f5791e01f2a2647d91aa69
SHA512

ad9cafd4d8c04ad77346bf382127018b9e2c810c406a177795ccea4e8ae16e3124223f8079d62241f977b1f64361930b19ec495bb2b49ab6b76fa9f6779944e1
SSDEEP

6144:64cdTCCyq7dv/aOTbBI0sK5R/rdNEyJ227Sw8+g5CwJxbHhvAePhZ:646T7V/TbBImNTSw25NLbH1AeP7

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/YMSG12ENCRYPT.dll
unpack001/power of silence 2.01.exe
unpack001/trueSpeech.ocx
unpack001/yacscom.dll

Files

520d178a56f8b8efa8e7e830c2705aa0
.rar
Content.txt
MSWINSCK.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

5270274b4ff20c6f050b9c66331e50cb

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wsock32

accept
listen
inet_ntoa
recv
WSAGetLastError
WSASetLastError
select
__WSAFDIsSet
shutdown
ntohs
sendto
recvfrom
connect
getsockopt
setsockopt
getsockname
getpeername
closesocket
WSACancelAsyncRequest
gethostbyaddr
bind
WSAAsyncSelect
socket
WSAStartup
WSACleanup
inet_addr
WSAAsyncGetHostByName
WSAAsyncGetHostByAddr
gethostbyname
htons
gethostname
ioctlsocket
send

kernel32

lstrlenW
GetProcAddress
GetModuleFileNameA
InitializeCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
lstrcpynA
lstrcpyA
lstrlenA
lstrcatA
IsBadWritePtr
WideCharToMultiByte
GetVersion
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
LocalFree
FormatMessageA
GetTickCount
MultiByteToWideChar
SetLastError
GetLocaleInfoA
LoadLibraryA
DeleteCriticalSection
FreeLibrary
DisableThreadLibraryCalls
lstrcmpA
InterlockedDecrement
GetFileAttributesA
GetWindowsDirectoryA
HeapReAlloc
InterlockedIncrement
lstrcmpiA
GetLastError
LockResource
LoadResource
FindResourceA

user32

EndDialog
DialogBoxParamA
GetActiveWindow
MessageBoxA
DrawEdge
GetDC
CharNextA
LoadCursorA
wsprintfA
GetWindowRect
SetWindowPos
ShowWindow
IsDialogMessageA
GetWindow
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
IsChild
GetKeyState
SetParent
WinHelpA
IsWindowVisible
EndPaint
GetClientRect
BeginPaint
SendDlgItemMessageA
LoadStringA
ClientToScreen
OffsetRect
EqualRect
IntersectRect
SetWindowRgn
PtInRect
MessageBeep
LoadBitmapA
GetSystemMetrics
GetParent
CreateDialogIndirectParamA
GetDlgItemTextA
SetDlgItemInt
SendMessageA
DefWindowProcA
GetWindowLongA
DestroyWindow
KillTimer
SetTimer
UnregisterClassA
RegisterClassA
PeekMessageA
PostMessageA
SetDlgItemTextA
SetFocus
GetDlgItemInt
MoveWindow
SetWindowLongA
CreateWindowExA
ReleaseDC

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocString
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayRedim
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
OleCreatePropertyFrame
LoadRegTypeLi
SafeArrayDestroy
SafeArrayUnaccessData
SetErrorInfo
CreateErrorInfo
GetErrorInfo
SysFreeString
SysAllocStringByteLen
SafeArrayCreate
VariantClear
SafeArrayGetUBound
SafeArrayGetLBound
SysStringByteLen
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
VariantInit

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateRectRgnIndirect
GetWindowExtEx
GetViewportExtEx
DeleteDC
DeleteObject
GetObjectA
LPtoDP
SetMapMode
SetViewportExtEx
SetWindowExtEx
SetViewportOrgEx
SetWindowOrgEx
CreateDCA
BitBlt
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
YMSG12ENCRYPT.dll
.dll windows:4 windows x86 arch:x86

9303931c10e4e8aa3ef2a5da865769c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord4486
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord6375
ord3830
ord4274
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
??2@YAPAXI@Z
_EH_prolog
__CxxFrameHandler
malloc
strchr
isalpha
isdigit
sprintf
realloc
strncmp
strcspn
strncpy
free

kernel32

LocalFree
LocalAlloc

Exports

Exports

YMSG12_ScriptedMind_Encrypt

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 822B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msinet.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

d940cf5b3d0dfb340396c0608ef1a0c5

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

16/11/1999, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service CA SW1,OU=VeriSign Trust Network+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/04/2000, 00:00

Not After

17/04/2001, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

wininet

FtpSetCurrentDirectoryA
FtpCreateDirectoryA
InternetCrackUrlA
InternetSetOptionA
InternetCreateUrlA
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetFindNextFileA
FtpDeleteFileA
FtpGetFileA
FtpPutFileA
FtpRenameFileA
InternetReadFile
InternetConnectA
FtpGetCurrentDirectoryA
FtpRemoveDirectoryA
FtpFindFirstFileA
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetOpenUrlA

kernel32

LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
GetProcessHeap
CloseHandle
LocalFree
FormatMessageA
SetEvent
CreateEventA
GetLastError
MultiByteToWideChar
lstrcatA
lstrcpyA
lstrlenA
ResetEvent
SetLastError
lstrcpynA
WaitForSingleObject
WaitForMultipleObjects
GetTickCount
IsBadWritePtr
DisableThreadLibraryCalls
GetVersion
GetProcAddress
GetFileAttributesA
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
lstrcmpiA
LockResource
LoadResource
FindResourceA
lstrcmpA

user32

SetDlgItemInt
SendDlgItemMessageA
GetMessageA
PostQuitMessage
GetDlgItemInt
GetDlgItemTextA
SendMessageA
ReleaseDC
GetDC
CharNextA
SetDlgItemTextA
SetWindowPos
SetWindowLongA
SetParent
EndPaint
GetClientRect
BeginPaint
GetWindowLongA
SetFocus
GetDlgItem
MoveWindow
GetWindow
GetActiveWindow
IsWindowVisible
TranslateMessage
GetParent
OffsetRect
EqualRect
DispatchMessageA
GetWindowThreadProcessId
ShowWindow
PtInRect
WinHelpA
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBoxA
MessageBeep
SetTimer
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
ClientToScreen
GetWindowRect
CreateWindowExA
EndDialog
LoadIconA
DrawEdge
DrawIcon
LoadCursorA
RegisterClassA
DestroyIcon
KillTimer
DestroyWindow
GetSystemMetrics
LoadStringA
wsprintfA
DialogBoxParamA
IntersectRect
SetWindowRgn
DefWindowProcA
PostThreadMessageA
UnregisterClassA

ole32

CoUninitialize
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder

advapi32

RegEnumKeyExA
RegQueryValueExA
RegQueryValueA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

oleaut32

OleCreatePropertyFrame
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
LoadTypeLibEx
SafeArrayCreate
SetErrorInfo
CreateErrorInfo
GetErrorInfo
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroy
VariantChangeTypeEx
SysAllocString

gdi32

GetWindowExtEx
SetViewportOrgEx
LPtoDP
DeleteDC
SetWindowExtEx
SetMapMode
SetViewportExtEx
GetViewportExtEx
SetWindowOrgEx
CreateDCA
GetDeviceCaps
CreateRectRgnIndirect

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
power of silence 2.01.exe
.exe windows:4 windows x86 arch:x86

62da771763044d710913c75966111636

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAryMove
__vbaGosubReturn
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem
__vbaRecAnsiToUni
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
ord631
__vbaErase
__vbaVarZero
__vbaChkstk
__vbaGosubFree
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaGet3
__vbaAryConstruct2
__vbaI2I4
DllFunctionCall
ord670
_adj_fpatan
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaGosub
ord607
__vbaFPException
ord717
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord644
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord570
__vbaR8Str
__vbaVar2Vec
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
ord616
__vbaFpI4
_CIatan
ord618
__vbaUI1Str
__vbaStrMove
__vbaAryCopy
__vbaStrVarCopy
__vbaR8IntI4
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 256B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��a
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
trueSpeech.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

8dd7758b11f8ed180c78a7a6c7e41143

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
_CIcos
_adj_fptan
__vbaAryMove
__vbaFreeVar
__vbaAptOffset
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenBstrB
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaExitProc
__vbaVarForInit
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR8
_CIsin
__vbaErase
ord525
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaI2I4
DllFunctionCall
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
Zombie_GetTypeInfoCount
__vbaRedim
__vbaRecUniToAnsi
__vbaUI1ErrVar
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaFPException
ord717
ord319
__vbaUbound
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaVar2Vec
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
__vbaAryLock
ord320
__vbaStrToAnsi
ord321
__vbaFpI2
__vbaFpI4
_CIatan
__vbaCastObj
__vbaStrMove
_allmul
_CItan
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaRecAssign
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
yacscom.dll
.dll regsvr32 windows:4 windows x86 arch:x86

41563194d6e68b905c4e5a5df0778334

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

inet_ntoa
ioctlsocket
gethostbyname
inet_addr
htons
htonl
ntohl
setsockopt
WSAGetLastError
WSAAsyncSelect
closesocket
WSACleanup
ntohs
sendto
WSACancelAsyncRequest
WSAAsyncGetHostByName
send
recv
connect
socket
bind
select
__WSAFDIsSet
getsockname
WSAStartup
gethostname
recvfrom

winmm

mixerSetControlDetails
waveOutPrepareHeader
waveInClose
waveOutWrite
waveOutGetPosition
mixerGetControlDetailsA
mixerGetLineInfoA
mixerGetLineControlsA
mixerClose
waveInOpen
waveInUnprepareHeader
waveOutClose
waveOutUnprepareHeader
waveOutOpen
mmioOpenA
mmioDescend
mmioRead
mmioAscend
mmioClose
waveOutGetNumDevs
waveInGetNumDevs
waveInPrepareHeader
waveInAddBuffer
waveInStart
mixerOpen
mixerGetDevCapsA
waveOutReset
waveInGetPosition
waveInReset
waveInGetErrorTextA

msacm32

acmDriverClose
acmStreamClose
acmStreamUnprepareHeader
acmDriverDetailsA
acmFormatEnumA
acmMetrics
acmDriverOpen
acmDriverEnum
acmStreamPrepareHeader
acmStreamOpen
acmStreamConvert
acmStreamSize

kernel32

IsBadReadPtr
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetStdHandle
WriteFile
HeapSize
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
CreateThread
GetOEMCP
GetCPInfo
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
FlushFileBuffers
SetFilePointer
GetStringTypeA
GetStringTypeW
FormatMessageA
GetLastError
CreateMutexA
CloseHandle
GetCurrentThreadId
GetSystemTime
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
WaitForSingleObject
ReleaseMutex
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
RaiseException
InitializeCriticalSection
DeleteCriticalSection
CreateEventA
GetCurrentProcessId
SetEvent
SetThreadPriority
GetCurrentThread
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
Sleep
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
HeapFree
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
EnterCriticalSection
LeaveCriticalSection
lstrlenA
lstrcpynA
lstrcpyA
lstrcatA
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
DisableThreadLibraryCalls
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
HeapAlloc
FlushInstructionCache
GetCurrentProcess
LCMapStringA
LCMapStringW
SetEndOfFile
ReadFile
GetTickCount
LocalFree
IsBadCodePtr
ResumeThread
ExitThread
RtlUnwind
ExitProcess
TerminateProcess
lstrcmpiA

user32

wsprintfA
GetParent
SetFocus
GetFocus
IsChild
BeginPaint
GetClientRect
EndPaint
GetKeyState
InvalidateRect
IsWindow
CallWindowProcA
GetClassInfoExA
ReleaseDC
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
UnionRect
PtInRect
CharNextA
LoadCursorA
RegisterClassA
GetWindowLongA
PostQuitMessage
RegisterClassExA
GetDC
DefWindowProcA
CreateWindowExA
ShowWindow
GetMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
PostMessageA
SetWindowLongA
DestroyWindow
UnregisterClassA
KillTimer
SetTimer

gdi32

CreateRectRgnIndirect
Rectangle
CreateDCA
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
GetDeviceCaps
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
TextOutA
SetTextAlign
DeleteMetaFile

advapi32

RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegDeleteKeyA
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
OleRegGetMiscStatus
StringFromGUID2
CoCreateInstance
CreateDataAdviseHolder
OleLoadFromStream
WriteClassStm
OleSaveToStream

oleaut32

VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysFreeString
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
OleCreatePropertyFrame
LoadRegTypeLi
SysStringLen
LoadTypeLi

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5270274b4ff20c6f050b9c66331e50cb

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1dCertificate

Extended Key Usages

Key Usages

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5cCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

wsock32

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 66KB - Virtual size: 66KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 5KB - Virtual size: 4KB

9303931c10e4e8aa3ef2a5da865769c6

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 60KB - Virtual size: 61KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 822B

d940cf5b3d0dfb340396c0608ef1a0c5

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1dCertificate

Extended Key Usages

Key Usages

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5cCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

wininet

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 66KB - Virtual size: 65KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 5KB - Virtual size: 4KB

62da771763044d710913c75966111636

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 20KB - Virtual size: 20KB

.data Size: 256B - Virtual size: 4KB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

.text
Size: 66KB - Virtual size: 66KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 60KB - Virtual size: 61KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 822B

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

fc:a4:a5:9f:2c:0f:c0:b9:03:98:33:1b:7b:54:54:1d
Certificate

75:f2:8e:f8:a8:fb:ea:6d:11:52:97:14:95:4b:65:5c
Certificate

.text
Size: 66KB - Virtual size: 65KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 20KB

.data
Size: 256B - Virtual size: 4KB

.rsrc
Size: 9KB - Virtual size: 8KB

��a
Size: - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 41KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 176KB - Virtual size: 173KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 16KB - Virtual size: 12KB