2abd8a5789f0ec202e317456ae48bc5e

Sharing

Copy URL Twitter E-mail

General

Target

2abd8a5789f0ec202e317456ae48bc5e
Size

25.5MB
MD5

2abd8a5789f0ec202e317456ae48bc5e
SHA1

95167f3e125f9d62afeb37ba063c79027637b9fd
SHA256

41b65ed7787740a5553a8aba70fb2ee26d18e954d16636fddb849956ce87eb84
SHA512

4c574b84aae0d564acf7ac3da3f80ed3235a4fc7e186f8bcf815b8b92bc7ce2d53e729edcd6aeeba7a1aa7e9755169f5b3d27bc156a33b99cd86bac4b82a927b
SSDEEP

786432:wPDEWkHs1hfsp7xYWjq4l+DHVd/Hf4YCSYwC3/WW5YSj:wbEWd/Ep7xYWj1l+D1mYCSYw2/WW5lj

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/driver/RNDISMPK.sys
unpack001/driver/rndismpm.sys
unpack001/driver/rndismpw.sys
unpack001/driver/usb8023k.sys
unpack001/driver/usb8023m.sys
unpack001/driver/usb8023w.sys
unpack001/fscommand/ADSL_util_Setup.exe
unpack001/fscommand/RT104.exe
unpack001/fscommand/UtilClose.exe
unpack001/fscommand/adslclose.exe
unpack001/fscommand/adslsound.exe
unpack001/fscommand/pdf_okuyucu_kurulum.exe
unpack001/kurulum.exe

Files

2abd8a5789f0ec202e317456ae48bc5e
.zip
AirTies.ico
autorun.inf
driver/RNDISMPK.sys
.dll windows:6 windows x86 arch:x86

81281826d5160226603248e2647aca73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
IoGetDeviceProperty
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoFreeMdl
ExInterlockedPushEntrySList
ExInterlockedPopEntrySList
MmMapLockedPages
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
KeInitializeSpinLock
RtlEqualUnicodeString

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisQueryBufferSafe
NdisGetSystemUpTime
NdisAllocatePacket
NdisAllocateBuffer
NdisFreeBuffer
NdisFreePacket
NdisAllocateMemoryWithTag
NDIS_BUFFER_TO_SPAN_PAGES
NdisMIndicateStatus
NdisMIndicateStatusComplete
NdisMCoIndicateReceivePacket
NdisMCoSendComplete
NdisInterlockedDecrement
NdisFreeMemory
NdisQueryBufferOffset
NdisOpenConfigurationKeyByName
NdisInterlockedIncrement
NdisSetEvent
NdisMRemoveMiniport
NdisMCoRequestComplete
NdisWaitEvent
NdisInitializeEvent
NdisReadConfiguration
NdisCancelTimer
NdisMSleep
NdisPacketPoolUsage
NdisOpenConfigurationKeyByIndex
NdisCloseConfiguration
NdisOpenConfiguration
NdisSetTimer
NdisMRegisterAdapterShutdownHandler
NdisMSetAttributesEx
NdisMGetDeviceProperty
NdisInitializeTimer
NdisMRegisterUnloadHandler
NdisMRegisterMiniport
NdisInitializeWrapper
NdisFreePacketPool
NdisFreeBufferPool
NdisAllocateBufferPool
NdisAllocatePacketPoolEx
NdisMCoActivateVcComplete
NdisMCoDeactivateVcComplete

Exports

Exports

DllInitialize
DllUnload
RndisMIndicateReceive
RndisMInitializeWrapper
RndisMSendComplete

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/bcmdslur.inf
driver/broadcom.cat
driver/rndismpm.sys
.dll windows:5 windows x86 arch:x86

799e94d6de66a90d0559f19db693b4c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
IoGetDeviceProperty
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoFreeMdl
ExInterlockedPushEntrySList
ExInterlockedPopEntrySList
MmMapLockedPages
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
RtlEqualUnicodeString

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisQueryBufferSafe
NdisGetSystemUpTime
NdisAllocatePacket
NdisAllocateBuffer
NdisFreeBuffer
NdisAllocateMemoryWithTag
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisMCoIndicateReceivePacket
NdisMCoSendComplete
NdisInterlockedDecrement
NdisMCoDeactivateVcComplete
NdisFreeMemory
NdisFreePacket
NdisOpenConfigurationKeyByName
NdisInterlockedIncrement
NdisSetEvent
NdisMRemoveMiniport
NdisMCoRequestComplete
NdisWaitEvent
NdisInitializeEvent
NdisReadConfiguration
NdisCancelTimer
NdisMSleep
NdisPacketPoolUsage
NdisOpenConfigurationKeyByIndex
NdisCloseConfiguration
NdisOpenConfiguration
NdisSetTimer
NdisMRegisterAdapterShutdownHandler
NdisMSetAttributesEx
NdisMGetDeviceProperty
NdisInitializeTimer
NdisMRegisterUnloadHandler
NdisMRegisterMiniport
NdisInitializeWrapper
NdisFreePacketPool
NdisFreeBufferPool
NdisAllocateBufferPool
NdisAllocatePacketPoolEx
NdisMCoActivateVcComplete

Exports

Exports

DllInitialize
DllUnload
RndisMIndicateReceive
RndisMInitializeWrapper
RndisMSendComplete

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 256B - Virtual size: 191B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/rndismpw.sys
.dll windows:5 windows x86 arch:x86

62c6c065770552943e5fb1d6aba93133

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

KeBugCheckEx
KeTickCount
IoGetDeviceProperty
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoFreeMdl
MmMapLockedPages
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
RtlEqualUnicodeString

hal

KfReleaseSpinLock
KfAcquireSpinLock

ndis.sys

NdisQueryBuffer
NdisGetSystemUpTime
NdisAllocatePacket
NdisAllocateBuffer
NdisAllocateMemoryWithTag
NdisFreePacket
NdisQueryBufferOffset
NDIS_BUFFER_TO_SPAN_PAGES
NdisMCoIndicateReceivePacket
NdisMCoSendComplete
NdisFreeMemory
NdisFreeBuffer
NdisOpenConfiguration
NdisInterlockedIncrement
NdisSetEvent
NdisMCoRequestComplete
NdisWaitEvent
NdisInitializeEvent
NdisReadConfiguration
NdisCancelTimer
NdisMSleep
NdisPacketPoolUsage
NdisOpenConfigurationKeyByIndex
NdisCloseConfiguration
NdisOpenConfigurationKeyByName
NdisSetTimer
NdisMRegisterAdapterShutdownHandler
NdisMSetAttributesEx
NdisMGetDeviceProperty
NdisInitializeTimer
NdisMRegisterMiniport
NdisInitializeWrapper
NdisFreePacketPool
NdisFreeBufferPool
NdisAllocateBufferPool
NdisAllocatePacketPoolEx
NdisMCoActivateVcComplete
NdisMCoDeactivateVcComplete
NdisInterlockedDecrement

Exports

Exports

DllUnload
RndisMIndicateReceive
RndisMInitializeWrapper
RndisMSendComplete

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 384B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 256B - Virtual size: 167B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/usb8023k.sys
.sys windows:6 windows x86 arch:x86

4c56f1feade2e5f3fc54d7a165afa94d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

InterlockedDecrement
InterlockedIncrement
ExFreePool
IoFreeMdl
IoAllocateMdl
IoCancelIrp
memmove
MmMapLockedPagesSpecifyCache
ExAllocatePoolWithTag
KeSetEvent
IoAllocateIrp
MmBuildMdlForNonPagedPool
KeTickCount
KeInitializeEvent
KeInitializeTimer
KeInitializeDpc
KeSetTimer
IoQueueWorkItem
IoAllocateWorkItem
IofCallDriver
KeWaitForSingleObject
IoFreeIrp
IoFreeWorkItem
KeInitializeSpinLock

hal

KfRaiseIrql
KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock
KfLowerIrql

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptor

rndismpk.sys

RndisMInitializeWrapper
RndisMSendComplete
RndisMIndicateReceive

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 277B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/usb8023m.sys
.sys windows:5 windows x86 arch:x86

0375c1b2b8d8f2910edef3244fe5c2e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoAllocateIrp
InterlockedDecrement
InterlockedIncrement
ExFreePool
IoFreeMdl
IoAllocateMdl
IoCancelIrp
memmove
ExAllocatePoolWithTag
KeInitializeEvent
IofCallDriver
MmBuildMdlForNonPagedPool
MmMapLockedPages
KeTickCount
KeInitializeTimer
KeInitializeDpc
KeSetTimer
IoQueueWorkItem
KeWaitForSingleObject
KeSetEvent
IoAllocateWorkItem
IoFreeIrp
IoFreeWorkItem

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock

usbd.sys

USBD_CreateConfigurationRequestEx
USBD_ParseConfigurationDescriptor

rndismp.sys

RndisMSendComplete
RndisMInitializeWrapper
RndisMIndicateReceive

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 402B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/usb8023w.sys
.sys windows:5 windows x86 arch:x86

d5e9a88d5d6ff40a8a96298ec562d446

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExFreePool
IoFreeMdl
IoAllocateMdl
IoCancelIrp
memmove
ExAllocatePoolWithTag
IofCallDriver
InterlockedIncrement
MmBuildMdlForNonPagedPool
MmMapLockedPages
ExQueueWorkItem
ObfReferenceObject
ObfDereferenceObject
KeTickCount
KeWaitForSingleObject
KeSetEvent
KeInitializeEvent
KeInitializeTimer
InterlockedDecrement
IoAllocateIrp
KeInitializeDpc
KeSetTimer
IoFreeIrp

hal

KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock

usbd.sys

USBD_ParseConfigurationDescriptor
USBD_CreateConfigurationRequest

rndismp.sys

RndisMSendComplete
RndisMInitializeWrapper
RndisMIndicateReceive

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fscommand/ADSL_util_Setup.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fscommand/Doc/RT-104.pdf
.pdf
fscommand/RT104.exe
.exe windows:4 windows x86 arch:x86

c6b41176d3a4990ea711be428f8c774a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetTempPathA
GetThreadLocale
GetVersion
GetVersionExA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

shell32

ShellExecuteA

user32

CharNextA
EnumThreadWindows
GetKeyboardType
GetSystemMetrics
LoadStringA
MessageBoxA
wsprintfA

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VarBoolFromStr
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarCyFromStr
VarDateFromStr
VarI4FromStr
VarNeg
VarNot
VarR8FromStr
VariantChangeTypeEx
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fscommand/UtilClose.exe
.exe windows:4 windows x86 arch:x86

fbb0adb4dfc61d46beb6898e65a7a256

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetThreadLocale
GetVersion
GetVersionExA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

user32

CharNextA
EnumThreadWindows
FindWindowA
GetKeyboardType
GetSystemMetrics
LoadStringA
MessageBoxA
SendMessageA
wsprintfA

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 122KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fscommand/adslclose.exe
.exe windows:4 windows x86 arch:x86

fbb0adb4dfc61d46beb6898e65a7a256

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetThreadLocale
GetVersion
GetVersionExA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

user32

CharNextA
EnumThreadWindows
FindWindowA
GetKeyboardType
GetSystemMetrics
LoadStringA
MessageBoxA
SendMessageA
wsprintfA

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 122KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fscommand/adslsound.exe
.exe windows:4 windows x86 arch:x86

fb73a5b0601a39509679a3a38bd406eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
DeleteCriticalSection
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetThreadLocale
GetVersion
GetVersionExA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpA
lstrcpynA
lstrlenA

gdi32

GetStockObject

user32

CharNextA
CreateWindowExA
DefWindowProcA
DispatchMessageA
EnumThreadWindows
GetKeyboardType
GetMessageA
GetSystemMetrics
KillTimer
LoadCursorA
LoadIconA
LoadStringA
MessageBoxA
PostQuitMessage
RegisterClassA
SetTimer
TranslateMessage
wsprintfA

winmm

PlaySoundA

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VarBoolFromStr
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarCyFromStr
VarDateFromStr
VarI4FromStr
VarNeg
VarNot
VarR8FromStr
VariantChangeTypeEx
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fscommand/pdf_okuyucu_kurulum.exe
.exe windows:4 windows x86 arch:x86

78edf21f658dec92426ece2d04e0ddfc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
Sleep
DeleteFileA
GetModuleFileNameA
CloseHandle
WriteFile
CreateDirectoryA
CreateFileA
LoadResource
SizeofResource
FindResourceA
GetTempFileNameA
GetTempPathA
GetLastError
MultiByteToWideChar
FindFirstFileA
LockResource
FindClose
RaiseException
LCMapStringW
LCMapStringA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
ReadFile
GetProcAddress
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetStdHandle
SetEndOfFile

advapi32

RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

shell32

SHGetSpecialFolderLocation
SHChangeNotify
SHGetPathFromIDListA

ole32

CoCreateInstance
CoInitialize

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fscommand/welcomeEL.wav
fscommand/welcomeEN.wav
fscommand/welcomeRU.wav
fscommand/welcomeTR.wav
kurulum.exe
.exe windows:4 windows x86 arch:x86

9e604fa03f90625680ac2f8bef162aff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

setsockopt
gethostbyname
htonl
ioctlsocket
htons
WSAStartup
ntohl
WSACleanup

wininet

HttpQueryInfoA

crypt32

CertFreeCertificateContext
CertVerifySubjectCertificateContext
CertFindCertificateInStore
CertCreateCertificateContext
CryptGetMessageCertificates
CryptVerifyMessageSignature
CertCloseStore

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

winmm

waveInStop
waveInAddBuffer
waveInStart
waveInGetNumDevs
waveOutGetNumDevs
waveInClose
waveOutGetDevCapsA
waveOutPrepareHeader
waveOutWrite
waveOutReset
waveOutUnprepareHeader
waveInReset
waveInUnprepareHeader
waveInPrepareHeader
waveInOpen
waveInGetDevCapsA
timeGetTime
waveOutClose
waveOutOpen
timeKillEvent
timeSetEvent
timeGetDevCaps
timeBeginPeriod
timeEndPeriod

kernel32

GetSystemInfo
GetUserDefaultLangID
ExitThread
GlobalFree
GetFileAttributesA
GetFileAttributesW
LockResource
LoadResource
FindResourceExA
FindResourceExW
GlobalAlloc
CreateThread
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
DeleteFileA
DeleteFileW
MoveFileA
VirtualQuery
RemoveDirectoryA
RemoveDirectoryW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
ReadFile
WriteFile
GetTempFileNameA
GetTempPathA
GetTempFileNameW
GetTempPathW
SetFilePointer
GetFileSize
GetFileAttributesExA
GetFileAttributesExW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindClose
GetSystemDirectoryA
GetModuleFileNameA
MoveFileExA
CreateMutexA
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
WaitForSingleObject
WideCharToMultiByte
GlobalUnlock
GlobalLock
IsDBCSLeadByteEx
lstrlenA
SetEndOfFile
CopyFileA
CopyFileW
GetModuleFileNameW
GetCommandLineW
ExitProcess
GetModuleHandleA
GetCommandLineA
GetProcessTimes
GetCurrentProcess
CreateEventA
SetEvent
TlsAlloc
SetThreadPriority
InterlockedIncrement
InterlockedDecrement
ResetEvent
WaitForMultipleObjects
VirtualFree
VirtualAlloc
GetThreadPriority
GetCurrentThread
GetSystemDefaultLangID
FreeLibrary
GetLastError
GetStartupInfoA
CreateProcessA
CloseHandle
LCMapStringW
LCMapStringA
GetTickCount
GetCurrentThreadId
GetLocaleInfoA
SetErrorMode
LoadLibraryA
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
IsDBCSLeadByte
GetACP
GetCPInfo
MultiByteToWideChar
GetVersionExA
InterlockedExchange
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapAlloc
GetProcessHeap
MoveFileW
HeapFree

user32

GetSubMenu
LoadMenuA
SetTimer
KillTimer
GetClientRect
ScreenToClient
GetCursorPos
SetCursor
LoadCursorA
EndPaint
BeginPaint
GetMenu
DestroyWindow
GetFocus
WindowFromPoint
GetCapture
ReleaseCapture
SetCapture
TrackPopupMenu
ClientToScreen
DeleteMenu
GetMenuItemID
IsWindow
DefWindowProcA
GetWindowLongA
CreateWindowExA
RegisterClipboardFormatA
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
SetClipboardData
EmptyClipboard
InsertMenuA
InsertMenuW
RemoveMenu
GetWindow
UnregisterClassA
LoadStringW
MoveWindow
SetMenu
UpdateWindow
ShowWindow
SetDlgItemTextA
SetDlgItemTextW
EnableWindow
GetDlgItemTextA
GetWindowTextLengthA
DestroyMenu
GetWindowTextLengthW
PostQuitMessage
GetMenuStringA
GetMenuStringW
RegisterClassA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
PostThreadMessageA
GetQueueStatus
PeekMessageA
MsgWaitForMultipleObjects
RegisterWindowMessageA
SystemParametersInfoA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
PostMessageA
EndDialog
SetWindowLongA
GetParent
GetWindowRect
GetDesktopWindow
SetWindowPos
LoadIconA
GetDlgItem
SendMessageA
SetWindowTextA
SetFocus
GetMenuItemCount
GetMenuItemInfoA
GetSystemMetrics
InsertMenuItemA
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
SendInput
GetKeyboardLayout
GetDC
ReleaseDC
GetDoubleClickTime
LoadStringA
EnableMenuItem
CheckMenuItem
InvalidateRect
WaitForInputIdle
MapVirtualKeyA
FillRect
GetKeyState
DialogBoxParamW
DialogBoxParamA
GetDlgItemTextW
MessageBoxA

gdi32

GetTextMetricsA
GetClipRgn
SetTextColor
ExtTextOutW
ExtTextOutA
CreateRectRgn
GetTextAlign
GetBkMode
GetTextColor
EnumFontFamiliesA
SetTextCharacterExtra
BeginPath
EndPage
DPtoLP
FillPath
ExtCreatePen
StrokePath
EndDoc
StartDocA
LPtoDP
CreateSolidBrush
GetClipBox
GetSystemPaletteEntries
CreatePalette
GetTextExtentPoint32A
CreatePen
GetBkColor
SetBkColor
GetCurrentObject
GetTextExtentPoint32W
EndPath
SetPolyFillMode
MoveToEx
LineTo
PolyBezierTo
SelectClipPath
SaveDC
RestoreDC
GdiFlush
DeleteObject
SelectObject
StretchDIBits
SetDIBitsToDevice
CreateCompatibleBitmap
GetObjectA
CreateCompatibleDC
DeleteDC
CreateDIBSection
GetDeviceCaps
BitBlt
RealizePalette
SelectPalette
GetStockObject
CreateFontIndirectA
SetBkMode
SetTextAlign
IntersectClipRect
SelectClipRgn
StartPage

comdlg32

GetOpenFileNameA
PrintDlgA
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
GetSaveFileNameA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExA
RegCreateKeyA
RegSetValueA

shell32

DragQueryFileA
DragAcceptFiles
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHAppBarMessage
DragQueryFileW

ole32

CoTaskMemAlloc
CoFreeUnusedLibraries
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 842KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81281826d5160226603248e2647aca73

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 512B - Virtual size: 373B

.data Size: 512B - Virtual size: 308B

.edata Size: 512B - Virtual size: 192B

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

799e94d6de66a90d0559f19db693b4c5

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 384B - Virtual size: 344B

.data Size: 384B - Virtual size: 300B

.edata Size: 256B - Virtual size: 191B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

62c6c065770552943e5fb1d6aba93133

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 384B - Virtual size: 328B

.data Size: 384B - Virtual size: 300B

.edata Size: 256B - Virtual size: 167B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

4c56f1feade2e5f3fc54d7a165afa94d

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

usbd.sys

rndismpk.sys

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 512B - Virtual size: 277B

.data Size: 512B - Virtual size: 32B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 512B - Virtual size: 496B

0375c1b2b8d8f2910edef3244fe5c2e0

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

usbd.sys

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 512B - Virtual size: 373B

.data
Size: 512B - Virtual size: 308B

.edata
Size: 512B - Virtual size: 192B

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 384B - Virtual size: 344B

.data
Size: 384B - Virtual size: 300B

.edata
Size: 256B - Virtual size: 191B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 384B - Virtual size: 328B

.data
Size: 384B - Virtual size: 300B

.edata
Size: 256B - Virtual size: 167B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 277B

.data
Size: 512B - Virtual size: 32B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 256B - Virtual size: 248B

.data
Size: 128B - Virtual size: 24B

INIT
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 402B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 256B - Virtual size: 248B

.data
Size: 128B - Virtual size: 24B

INIT
Size: 1024B - Virtual size: 1004B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 412B

CODE
Size: 36KB - Virtual size: 35KB

DATA
Size: 1024B - Virtual size: 584B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 120KB - Virtual size: 120KB

.data
Size: 15KB - Virtual size: 32KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 8KB

.reloc
Size: 9KB - Virtual size: 12KB

.text
Size: 122KB - Virtual size: 124KB

.data
Size: 15KB - Virtual size: 32KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB