3a8af0505ed1beae547c8dc5b444c0a7

Sharing

Copy URL Twitter E-mail

General

Target

3a8af0505ed1beae547c8dc5b444c0a7
Size

328KB
MD5

3a8af0505ed1beae547c8dc5b444c0a7
SHA1

f1c1453dd111ad73b5c79727b42f774cd8521bf9
SHA256

7d6751f5a688bf0456dde3f56345208d34ce1b578e41889fead6d3642f763b80
SHA512

09850c908a38bcdbd169d6caada87f3afb11eab75cb2fa4976f31ec6b035af2c40133d6651d06410220c43519fe756935cb5a6396b952625c273c9f618bce96a
SSDEEP

6144:8doKJnSwpBBaaFw9nazgu8obQPeXMYSm2bXekyuefS3vmiH:8dBS2BJUnaA1x9Dyuj3v/

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/icons.dll
unpack001/md5.dll
unpack001/mdx.dll
unpack001/passdog.exe
unpack001/pdup.exe
unpack001/rc5.dll

Files

3a8af0505ed1beae547c8dc5b444c0a7
.rar
icons.dll
.dll windows:4 windows x86 arch:x86

b15f50e3f2711e0feb9b6d0b6f0258b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo

Exports

Exports

?IconsGetIconCount@@YAIXZ
?IconsGetIconIndex@@YAIXZ

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
md5.dll
.dll windows:4 windows x86 arch:x86

fa24adbb80137cdf7ab4125af7b20e64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcAddress
GetModuleHandleA
HeapFree
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
InterlockedExchange
VirtualQuery
LoadLibraryA
LCMapStringA
MultiByteToWideChar
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
VirtualProtect
GetSystemInfo

Exports

Exports

Md5AcquireContext
Md5DecodeBytes
Md5EncodeBytes
Md5EqualHashes
Md5FinalHash
Md5Initialize
Md5ReleaseContext
Md5ResetContext
Md5Uninitialize
Md5UpdateHash
Md5ValidContext

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mdx.dll
.dll windows:4 windows x86 arch:x86

fa24adbb80137cdf7ab4125af7b20e64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcAddress
GetModuleHandleA
HeapFree
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
InterlockedExchange
VirtualQuery
LoadLibraryA
LCMapStringA
MultiByteToWideChar
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
VirtualProtect
GetSystemInfo

Exports

Exports

MdxAcquireContext
MdxEqualHashes
MdxExpandData
MdxGetExpandedBufferSize
MdxHashBuffer
MdxHashData
MdxHashDependentBuffer
MdxHashFinal
MdxInitialize
MdxReleaseContext
MdxResetContext
MdxUninitialize
MdxValidContext

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
passdog.exe
.exe windows:4 windows x86 arch:x86

bc6099fbcca85b6ddd20d8e09b01a429

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
PathCombineA
PathRemoveFileSpecA
PathCompactPathExA

rc5

Rc5DecryptBlock
Rc5SetBinaryPrivateKey
Rc5AcquireContext
Rc5ReleaseContext
Rc5ValidContext
Rc5EncryptBlock
Rc5RecryptBlock

mdx

MdxHashData
MdxExpandData
MdxEqualHashes
MdxGetExpandedBufferSize
MdxUninitialize
MdxInitialize

md5

Md5Initialize
Md5AcquireContext
Md5UpdateHash
Md5FinalHash
Md5ReleaseContext
Md5Uninitialize

icons

?IconsGetIconCount@@YAIXZ
?IconsGetIconIndex@@YAIXZ

kernel32

WritePrivateProfileStringA
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetTickCount
IsBadReadPtr
VirtualProtect
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
ExitProcess
RtlUnwind
HeapReAlloc
TerminateProcess
HeapSize
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GlobalFlags
DeleteCriticalSection
InitializeCriticalSection
RaiseException
FileTimeToSystemTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
SetLastError
MulDiv
FormatMessageA
LocalFree
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
lstrcatA
lstrcmpW
GetProcAddress
GlobalFree
FreeResource
HeapAlloc
GetProcessHeap
HeapFree
GetVersion
CompareStringA
lstrcmpiA
MultiByteToWideChar
CompareStringW
lstrlenA
GetLastError
CreateMutexA
CloseHandle
ReleaseMutex
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetModuleFileNameA
CopyFileA
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpynA
GetCurrentThreadId
FindResourceA
LoadResource
LockResource
SizeofResource
GetModuleHandleA
lstrcpyA
InterlockedDecrement
VirtualAlloc

user32

GrayStringA
GetWindowDC
DestroyMenu
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
ValidateRect
TranslateMessage
GetMessageA
CharNextA
IsRectEmpty
SetRect
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
RegisterClipboardFormatA
PostThreadMessageA
DrawTextExA
TabbedTextOutA
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
wsprintfA
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
TrackPopupMenu
GetKeyState
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
DefWindowProcA
SetWindowPos
OffsetRect
IntersectRect
GetWindowPlacement
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetWindowLongA
UpdateWindow
CreateCursor
CallWindowProcA
EndPaint
DrawTextA
BeginPaint
GetWindowLongA
GetClassLongA
CharUpperA
LoadImageA
DestroyIcon
DestroyCursor
SendMessageA
RealChildWindowFromPoint
SetCapture
SetCursor
ReleaseCapture
GetAncestor
WindowFromPoint
GetParent
ScreenToClient
GetDlgCtrlID
DrawFocusRect
DrawIconEx
CopyRect
GetCursor
PtInRect
GetSysColorBrush
LoadCursorA
ShowWindow
MapWindowPoints
KillTimer
SetTimer
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
IsWindowVisible
CheckMenuItem
SetForegroundWindow
GetFocus
MessageBeep
GetDlgItem
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
TranslateAcceleratorA
GetCursorPos
DestroyAcceleratorTable
UnregisterHotKey
MessageBoxA
GetMenu
DrawIcon
GetSystemMetrics
IsIconic
LoadBitmapA
LoadIconA
RegisterHotKey
LoadAcceleratorsA
ReleaseDC
GetDC
PostMessageA
RegisterWindowMessageA
EnableMenuItem
GetSubMenu
LoadMenuA
GetWindowRect
ChildWindowFromPoint
ClientToScreen
GetWindowTextA
EnableWindow
SystemParametersInfoA
GetClientRect
GetSysColor
DrawFrameControl
InflateRect
InvalidateRect

gdi32

GetMapMode
GetBkColor
GetTextColor
GetRgnBox
DeleteDC
ExtSelectClipRgn
SetMapMode
SetBkMode
RestoreDC
SaveDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
CreateRectRgnIndirect
CreateBitmap
GetClipBox
GetStockObject
SetBkColor
GetObjectA
CreateSolidBrush
TextOutA
LineTo
MoveToEx
Rectangle
SetTextColor
SelectObject
CreatePen
GetTextExtentPoint32A
DeleteObject
GetDeviceCaps
CreateFontIndirectA
SetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyA
RegEnumKeyA
RegQueryValueA
RegFlushKey

shell32

Shell_NotifyIconA
ShellExecuteA
SHGetFolderPathA

comctl32

ImageList_BeginDrag
ImageList_AddMasked
ImageList_DragEnter
ImageList_GetIcon
ImageList_GetImageCount
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_EndDrag
ord17
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon

oledlg

ord8

ole32

CoTaskMemFree
OleRun
CoCreateInstance
CoUninitialize
CoInitialize
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes

oleaut32

GetErrorInfo
OleCreateFontIndirect
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType
SysAllocString
SystemTimeToVariantTime
SysAllocStringLen
VariantCopy
SafeArrayDestroy

Sections

.text
Size: 304KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 504KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pdup.exe
.exe windows:4 windows x86 arch:x86

3fec67eb855e904d4dc4c42d273f6210

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3742
ord567
ord825
ord818
ord4275
ord1233
ord5261
ord755
ord470
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord6215
ord823
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord641
ord4234
ord1105
ord1138
ord2976
ord765
ord800
ord941
ord537
ord858
ord924
ord540
ord939
ord860
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord807
ord796
ord674
ord554
ord529
ord366
ord2494
ord2627
ord2626
ord6000
ord2117
ord6625
ord4457
ord4163
ord5252
ord5981
ord4427
ord1168
ord3402
ord3698
ord2370
ord2302
ord6199
ord6334
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord2086
ord6055
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_chdir
_mkdir
strlen
_stricmp
strcmp
strncpy
strcat
_setmbcp
sprintf
memset
__CxxFrameHandler
_mbsrchr
strcpy
strstr
_controlfp

kernel32

ReleaseMutex
WaitForSingleObject
WinExec
GetPrivateProfileIntA
GetPrivateProfileStringA
MoveFileExA
WritePrivateProfileStringA
GetShortPathNameA
GetSystemDefaultLangID
FindClose
DeleteFileA
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
CloseHandle
CreateProcessA
GetStartupInfoA
GetModuleFileNameA
GetVersionExA
GetModuleHandleA
GetProcAddress
CopyFileA
CreateMutexA
GetSystemTime

user32

KillTimer
MessageBoxA
UpdateWindow
FindWindowA
SetTimer
LoadCursorA
EnableWindow
SendMessageA

advapi32

RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA

urlmon

URLDownloadToFileA

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rc5.dll
.dll windows:4 windows x86 arch:x86

8f6753dd77d044409b221814115ad798

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
SetUnhandledExceptionFilter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
InterlockedExchange
VirtualQuery
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo

Exports

Exports

Rc5AcquireContext
Rc5CbcAcquireContext
Rc5CbcReleaseContext
Rc5CbcResetContext
Rc5CbcSetBinaryPrivateKey
Rc5Decrypt
Rc5DecryptBlock
Rc5Encrypt
Rc5EncryptBlock
Rc5Recrypt
Rc5RecryptBlock
Rc5ReleaseContext
Rc5ResetContext
Rc5SetBinaryPrivateKey
Rc5SetPrivateKey
Rc5ValidContext

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
upv.dat
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

b15f50e3f2711e0feb9b6d0b6f0258b5

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 104KB - Virtual size: 101KB

.reloc Size: 4KB - Virtual size: 3KB

fa24adbb80137cdf7ab4125af7b20e64

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 936B

.reloc Size: 8KB - Virtual size: 4KB

fa24adbb80137cdf7ab4125af7b20e64

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 6KB

.reloc Size: 8KB - Virtual size: 4KB

bc6099fbcca85b6ddd20d8e09b01a429

Headers

File Characteristics

Imports

shlwapi

rc5

mdx

md5

icons

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

Sections

.text Size: 304KB - Virtual size: 300KB

.rdata Size: 112KB - Virtual size: 109KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 504KB - Virtual size: 500KB

3fec67eb855e904d4dc4c42d273f6210

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

urlmon

Sections

.text Size: 32KB - Virtual size: 28KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 104KB - Virtual size: 101KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 304KB - Virtual size: 300KB

.rdata
Size: 112KB - Virtual size: 109KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 504KB - Virtual size: 500KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 5KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 936B

.reloc
Size: 8KB - Virtual size: 4KB