27f44bfedb287aeca3b536fb001fde3a

Sharing

Copy URL Twitter E-mail

General

Target

27f44bfedb287aeca3b536fb001fde3a
Size

619KB
MD5

27f44bfedb287aeca3b536fb001fde3a
SHA1

6662432057fc586b0927cff8317e7cd02e822bce
SHA256

bfc699522518ea8760e27c1b059cf73b58f1ada02224bce426fe1bdf4fd3ed9b
SHA512

d3e51b0aab3d07ee91f984dbcf6f1db549183ae56ba54ddc25d6ed044aaf42f2a37e6ecdd91d74323728f48e2935b7f6f3f11b8979aa34d717fe1f57e5724a5b
SSDEEP

12288:auzx2sUSoj5YNf2L4O8Wnv+08QmAgXo06Uircnt0hkbZ7N:au0ZSojEplB5QmAgXo9kZ7N

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Locate32-v3.1.8.6150beta/ImgHnd.dll
unpack001/Locate32-v3.1.8.6150beta/SetTool.exe
unpack001/Locate32-v3.1.8.6150beta/Updtdb32.exe
unpack001/Locate32-v3.1.8.6150beta/keyhelper.dll
unpack001/Locate32-v3.1.8.6150beta/lan_en.dll
unpack001/Locate32-v3.1.8.6150beta/loc_fndx.dll
unpack001/Locate32-v3.1.8.6150beta/locate.exe
unpack001/Locate32-v3.1.8.6150beta/locate32.exe

Files

27f44bfedb287aeca3b536fb001fde3a
.rar
Locate32-v3.1.8.6150beta/ImgHnd.dll
.dll windows:5 windows x86 arch:x86

903ed2dd719d681d528ba7518da05882

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipDisposeImage
GdipAlloc
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipGetImageHeight
GdipFree
GdiplusShutdown

kernel32

GetEnvironmentStrings
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
HeapAlloc
RaiseException
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
WriteFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA

Exports

Exports

GetImageDimensionsA
GetImageDimensionsW
InitLibrary
UninitLibrary

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Locate32-v3.1.8.6150beta/Locate32.chm
.chm
Locate32-v3.1.8.6150beta/Readme.txt
Locate32-v3.1.8.6150beta/SetTool.exe
.exe windows:5 windows x86 arch:x86

1140cc4cc09a7151636e1a87e0058174

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleW
CreateFileA
WriteConsoleA
SetStdHandle
FlushFileBuffers
DeleteFileA
LocalFree
CloseHandle
GetVersionExA
GetLastError
CreateProcessA
FormatMessageA
WaitForSingleObject
GetConsoleOutputCP
GetCurrentProcess
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapFree
HeapAlloc
RaiseException
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
VirtualAlloc
HeapReAlloc
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind

user32

PostQuitMessage
LoadStringA
MessageBoxA
SetClassLongA
EndDialog
DefDlgProcA
LoadImageA
FindWindowA
DialogBoxParamA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

AdjustTokenPrivileges
RegSaveKeyA
RegOpenKeyExA
RegCreateKeyExA
LookupPrivilegeValueA
RegEnumKeyExA
RegDeleteKeyA
RegRestoreKeyA
OpenProcessToken
RegCloseKey

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Locate32-v3.1.8.6150beta/Updtdb32.exe
.exe windows:5 windows x86 arch:x86

f2d7b21100330ad9156c649d3a6ad6ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
InterlockedExchange
GetLocalTime
SystemTimeToFileTime
CreateThread
SetThreadPriority
ResumeThread
GetCurrentProcess
WaitForSingleObject
GetDriveTypeA
GetDriveTypeW
SetErrorMode
GetVolumeInformationA
GetVolumeInformationW
GetLogicalDriveStringsA
GlobalAlloc
GlobalFree
GetTickCount
DeleteFileA
DeleteFileW
CreateDirectoryW
CreateProcessA
CreateDirectoryA
GetProcAddress
GetModuleHandleA
GetLastError
CreateFileA
GetFullPathNameA
CreateFileW
GetFullPathNameW
SetFilePointer
ReadFile
WriteFile
GetFileSize
LockFile
UnlockFile
FlushFileBuffers
GetShortPathNameA
GetShortPathNameW
FindNextFileW
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetVersion
EnterCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleHandleW
ExitProcess
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
VirtualAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA
FindNextFileA
FindFirstFileW
FindFirstFileA
MultiByteToWideChar
CloseHandle
SetEndOfFile
LoadLibraryExA
LockResource
Sleep
WideCharToMultiByte
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceA

advapi32

AdjustTokenPrivileges
RegSaveKeyA
RegQueryValueExA
RegDeleteKeyA
RegQueryValueExW
OpenProcessToken
RegRestoreKeyA
RegCloseKey
RegEnumKeyExA
LookupPrivilegeValueA
RegCreateKeyExA
RegOpenKeyExA

mpr

WNetOpenEnumA
WNetEnumResourceW
WNetEnumResourceA
WNetCloseEnum
WNetOpenEnumW

user32

LoadStringW
LoadStringA
CharLowerBuffA
CharLowerW
CharLowerA
MessageBoxA
GetActiveWindow
CharLowerBuffW

comdlg32

GetFileTitleW
GetFileTitleA

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Locate32-v3.1.8.6150beta/keyhelper.dll
.dll windows:5 windows x86 arch:x86

0d46b87f09da7b999ea109a1547cbf47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA

user32

GetClassNameA
SendMessageA
GetForegroundWindow
GetWindowTextA
keybd_event
GetKeyState
CallNextHookEx
SetWindowsHookExA
PostMessageA
UnhookWindowsHookEx

Exports

Exports

SetHook
UnsetHook
_HookKeyboardProc@12

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Locate32-v3.1.8.6150beta/lan_en.dll
.dll windows:5 windows x86 arch:x86

d0b0ab81bf0e4cd20070f6525db9fd67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Locate32-v3.1.8.6150beta/loc_fndx.dll
.dll windows:5 windows x86 arch:x86

d0b0317db87688ce22cd4861107f83ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
GetModuleFileNameA
CloseHandle
LCMapStringW
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
HeapAlloc
RaiseException
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
WriteFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA

user32

SendNotifyMessageA
RegisterWindowMessageA
FindWindowA
wsprintfA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Locate32-v3.1.8.6150beta/locate-example.ini
Locate32-v3.1.8.6150beta/locate.exe
.exe windows:5 windows x86 arch:x86

cfde434015c23ce0e9d047f5a4bf0767

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
InterlockedExchange
MultiByteToWideChar
LoadLibraryExA
LockResource
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
GetLocalTime
GetStdHandle
SetConsoleMode
ReadConsoleA
LoadLibraryExW
LoadResource
FreeLibrary
GetCurrentProcess
CreateDirectoryW
WaitForSingleObject
CreateProcessA
CreateDirectoryA
GetProcAddress
GetModuleHandleA
GetLastError
CreateFileA
GetFullPathNameA
CreateFileW
GetFullPathNameW
SetFilePointer
ReadFile
WriteFile
GetFileSize
LockFile
UnlockFile
FlushFileBuffers
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetShortPathNameA
GetShortPathNameW
GetCurrentDirectoryW
FindResourceA
GetModuleFileNameA
GetModuleFileNameW
GetVersion
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetProcessHeap
DeleteFileA
DeleteFileW
CloseHandle
GetCurrentDirectoryA
WideCharToMultiByte
GetDriveTypeA
GetTickCount
SetEndOfFile
GetDriveTypeW

user32

LoadStringW
LoadStringA
GetActiveWindow
MessageBoxA
CharLowerBuffA
CharLowerA
CharLowerW
CharLowerBuffW

advapi32

OpenProcessToken
RegRestoreKeyA
LookupPrivilegeValueA
RegCreateKeyExA
RegOpenKeyExA
RegSaveKeyA
AdjustTokenPrivileges
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegQueryValueExW
RegQueryValueExA

comdlg32

GetFileTitleW
GetFileTitleA

Sections

.text
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Locate32-v3.1.8.6150beta/locate32.exe
.exe windows:5 windows x86 arch:x86

f682ab6421dfefd8543b18993f0c3321

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempFileNameA
MulDiv
EnumTimeFormatsA
EnumDateFormatsA
CopyFileA
CopyFileW
GlobalFree
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
SetFileAttributesW
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GlobalGetAtomNameA
GlobalGetAtomNameW
GetCurrentDirectoryA
GetTickCount
FindNextFileA
FindNextFileW
GetVolumeInformationA
GetVolumeInformationW
GetCommandLineW
FreeLibrary
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalAlloc
SystemTimeToFileTime
FileTimeToDosDateTime
GetLocaleInfoA
GetDateFormatA
GetDateFormatW
GetTimeFormatA
GetTimeFormatW
GetLocalTime
MultiByteToWideChar
QueryDosDeviceW
GetLogicalDriveStringsW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
SetLastError
GetLogicalDriveStringsA
GetLogicalDrives
RemoveDirectoryW
RemoveDirectoryA
LoadLibraryA
CreateProcessA
CreateProcessW
MoveFileExW
MoveFileExA
GetFileSize
GetFileTime
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FindFirstFileA
InterlockedDecrement
LocalAlloc
FormatMessageA
GetLastError
FormatMessageW
LoadLibraryExW
LoadLibraryExA
LocalFree
GetNumberFormatA
GetNumberFormatW
lstrlenA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStdHandle
ExitProcess
VirtualAlloc
VirtualFree
HeapCreate
LCMapStringW
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapAlloc
HeapFree
InterlockedIncrement
GetPrivateProfileStringW
GetPrivateProfileStringA
lstrcpynA
GetSystemDirectoryW
GetSystemDirectoryA
GetWindowsDirectoryW
GetWindowsDirectoryA
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
GetShortPathNameW
GetShortPathNameA
FlushFileBuffers
UnlockFile
LockFile
WriteFile
ReadFile
SetFilePointer
GetModuleFileNameW
GetModuleFileNameA
GetCurrentThread
OpenEventA
GetVersion
CreateDirectoryA
CreateDirectoryW
LeaveCriticalSection
EnterCriticalSection
DeleteAtom
GlobalAddAtomA
GlobalAddAtomW
GetDriveTypeW
GetDriveTypeA
DeleteFileW
DeleteFileA
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
SetEndOfFile
GetFullPathNameA
GetFullPathNameW
SetErrorMode
GetTempPathA
DeleteCriticalSection
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
WideCharToMultiByte
CreateFileA
CreateFileW
FindNextChangeNotification
ResetEvent
Sleep
GetOverlappedResult
WaitForMultipleObjects
TerminateThread
GetExitCodeThread
GetCurrentThreadId
WaitForSingleObject
ResumeThread
SetThreadPriority
CreateThread
SetEvent
CreateEventA
CloseHandle
GetModuleHandleA
GetProcAddress
GetCurrentProcess
DuplicateHandle
InterlockedExchange
GlobalMemoryStatus
GetVersionExA
SetPriorityClass

user32

DrawTextW
SendMessageA
SendDlgItemMessageA
EndDialog
LoadCursorA
DrawTextA
LoadImageA
SetDlgItemTextA
SetDlgItemTextW
ReleaseDC
GetClientRect
SetCursor
CharLowerBuffA
GetMonitorInfoA
MonitorFromWindow
GetDesktopWindow
FindWindowA
BringWindowToTop
UnregisterHotKey
RegisterHotKey
SetMenuDefaultItem
TranslateMessage
GetForegroundWindow
GetWindowTextA
DispatchMessageA
GetDlgCtrlID
DispatchMessageW
VkKeyScanA
GetDlgItemTextA
ToAscii
GetKeyboardState
LoadStringA
SendDlgItemMessageW
GetDoubleClickTime
GetDC
RegisterClassExA
ReleaseCapture
SetCapture
DrawFrameControl
SetDlgItemInt
GetDlgItemInt
CallWindowProcA
CallWindowProcW
CheckDlgButton
CharUpperW
EnumChildWindows
GetIconInfo
DrawFocusRect
CharUpperBuffA
CreateMenu
SetMenu
SetMenuItemBitmaps
LoadMenuA
IsCharLowerW
SetClipboardData
EmptyClipboard
CheckMenuItem
GetNextDlgTabItem
EnableMenuItem
InsertMenuItemA
CreatePopupMenu
DefWindowProcA
SetWindowLongW
LoadBitmapA
SetClipboardViewer
DrawIconEx
DrawStateA
GetSysColor
DestroyMenu
ChangeClipboardChain
ScreenToClient
TrackPopupMenu
GetKeyState
DefDlgProcA
IsWindowEnabled
IsClipboardFormatAvailable
DestroyIcon
KillTimer
CharLowerA
InvalidateRect
SendMessageW
DestroyAcceleratorTable
CreateAcceleratorTableA
FillRect
DialogBoxParamA
IsWindowVisible
UpdateWindow
SetClassLongW
SetClassLongA
GetSystemMetrics
LoadImageW
SetFocus
GetFocus
EnableWindow
ShowWindow
GetWindowRect
SetWindowPos
SetWindowLongA
SetWindowPlacement
GetWindowPlacement
GetMenu
SetTimer
CreateDialogParamW
CreateDialogParamA
IsDlgButtonChecked
LoadStringW
GetWindow
CreateWindowExW
RedrawWindow
GetWindowTextW
GetWindowTextLengthA
SetWindowTextA
SetWindowTextW
GetClassNameW
GetWindowTextLengthW
GetDlgItemTextW
DefWindowProcW
IsDialogMessageA
TranslateAcceleratorA
GetMessageA
PeekMessageA
IsDialogMessageW
TranslateAcceleratorW
GetMessageW
PeekMessageW
BeginPaint
EndPaint
InsertMenuItemW
SetMenuItemInfoA
SetMenuItemInfoW
GetMenuItemInfoW
GetActiveWindow
AttachThreadInput
GetWindowThreadProcessId
GetSubMenu
GetMenuItemInfoA
DeleteMenu
GetMenuItemCount
SetForegroundWindow
MessageBoxW
SendNotifyMessageA
IsCharUpperW
CloseClipboard
GetClipboardData
OpenClipboard
EnumWindows
RegisterWindowMessageA
MessageBoxA
GetClassNameA
GetMenuItemID
ClientToScreen
GetClipboardFormatNameA
RegisterClipboardFormatA
GetCursorPos
GetDlgItem
LoadIconA
GetParent
CreateWindowExA
DestroyWindow
PostMessageA
CharUpperBuffW
CharLowerBuffW
CharLowerW
PostQuitMessage
GetWindowLongA
GetSysColorBrush
DialogBoxParamW

gdi32

SelectObject
GetTextFaceA
GetTextMetricsA
DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateSolidBrush
GetObjectA
CreatePen
Rectangle
SetBkColor
CreateFontIndirectW
GetStockObject
CreateFontIndirectA
SetBkMode
GetDeviceCaps
SetMapMode
CreateFontA

advapi32

GetFileSecurityA
RegOpenKeyExW
RegCreateKeyExW
LookupAccountSidW
LookupAccountSidA
AdjustTokenPrivileges
RegSaveKeyA
RegOpenKeyExA
RegCreateKeyExA
LookupPrivilegeValueA
RegRestoreKeyA
OpenProcessToken
RegEnumKeyExA
RegEnumKeyExW
RegSetValueExW
RegEnumValueA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyA
GetSecurityDescriptorOwner
GetFileSecurityW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueW

shell32

SHBrowseForFolderA
SHBrowseForFolderW
SHGetPathFromIDListA
SHGetFileInfoW
SHFileOperationA
SHFileOperationW
Shell_NotifyIconA
SHGetDataFromIDListA
ExtractIconExA
ExtractIconExW
SHGetFileInfoA
ShellExecuteExA
ShellExecuteExW
SHGetSettings
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
DragQueryFileW
SHGetDesktopFolder
DragFinish
DragQueryFileA
ShellExecuteA
Shell_NotifyIconW

ole32

CLSIDFromString
RegisterDragDrop
OleInitialize
OleUninitialize
RevokeDragDrop
CoTaskMemAlloc
CoCreateInstance
PropVariantClear
ReleaseStgMedium
CoTaskMemFree
CoUninitialize
CoInitialize
DoDragDrop

oleaut32

SysFreeString
SysAllocString
VariantClear

keyhelper

UnsetHook
SetHook

comctl32

ImageList_GetIconSize
ord412
ImageList_Replace
CreatePropertySheetPageW
CreatePropertySheetPageA
PropertySheetW
PropertySheetA
ImageList_LoadImageA
ImageList_GetIcon
ImageList_Draw
ImageList_Add
ImageList_Create
ord410
ImageList_Destroy
InitCommonControlsEx
ord413

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mpr

WNetOpenEnumW
WNetOpenEnumA
WNetEnumResourceW
WNetCloseEnum
WNetEnumResourceA

shlwapi

StrCmpIW

comdlg32

GetFileTitleA
ChooseColorA
ChooseFontA
GetOpenFileNameW
GetSaveFileNameW
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleW

Sections

.text
Size: 904KB - Virtual size: 904KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Locate32-v3.1.8.6150beta/portable.ini
Locate32-v3.1.8.6150beta/regs/DeleteDatabaseFile - Allow.reg
Locate32-v3.1.8.6150beta/regs/DeleteDatabaseFile - Disallow.reg
Locate32-v3.1.8.6150beta/regs/REAMDE.txt
Locate32-v3.1.8.6150beta/regs/ResultListDelayTimes.reg
Locate32-v3.1.8.6150beta/regs/Search protocol - Register.reg
Locate32-v3.1.8.6150beta/regs/Search protocol - Unregister.reg
Locate32-v3.1.8.6150beta/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

903ed2dd719d681d528ba7518da05882

Headers

File Characteristics

Imports

gdiplus

kernel32

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

1140cc4cc09a7151636e1a87e0058174

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 26KB - Virtual size: 26KB

f2d7b21100330ad9156c649d3a6ad6ce

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

mpr

user32

comdlg32

Sections

.text Size: 171KB - Virtual size: 171KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 21KB - Virtual size: 20KB

0d46b87f09da7b999ea109a1547cbf47

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 864B

.reloc Size: 3KB - Virtual size: 3KB

d0b0ab81bf0e4cd20070f6525db9fd67

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 74KB - Virtual size: 73KB

.reloc Size: 3KB - Virtual size: 3KB

d0b0317db87688ce22cd4861107f83ff

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 26KB - Virtual size: 26KB

.text
Size: 171KB - Virtual size: 171KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 21KB - Virtual size: 20KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 74KB - Virtual size: 73KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 227KB - Virtual size: 227KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 21KB - Virtual size: 20KB

.text
Size: 904KB - Virtual size: 904KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 215KB - Virtual size: 215KB