medusalocker | samples (2) (3)[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

samples (2) (3).zip
Size

2.1MB
MD5

ef77a8926ba8419c886a9862e064eb7f
SHA1

a12d66fca51f2ceb0a0d631f84924678b6481e48
SHA256

ef99a1844cbf354868a70cdcc2584ec94ffceafc4ffcd3a6b5563fa1d632844e
SHA512

a7f86c90e2734d1033eb5afd814b554c92bbd30128b02183d5cba689e7ac0b2c065eed9534cfac689e7bc6a405718fec8b567cbaf8e8711a791f707d2cc4f315
SSDEEP

49152:bGKM2Bb45hv8YJbPp38tBHjgq6/IyKU7UIk0EaQLeM+AZHDQl:bGKM2BU5hvbJbhOEq6MU7UIkxaQqMvy

Score

10^/10

medusalocker

Malware Config

Signatures

MedusaLocker payload 2 IoCs

resource	yara_rule
static1/unpack001/92bc1be719ed7048d662f0ae4cacad5ec1ef1968b050e70ff75ac1ac669cadfe	family_medusalocker
static1/unpack001/dc4840a0992b218cbedd5a7ac5c711cb98f1f9e78a8ffdea37c694061dfd34c6	family_medusalocker

Medusalocker family
medusalocker

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

resource
unpack001/100b8bfff550fb74c98a2ef9a71d4bb53553d2d7ba509bb451fe32814ec57e48
unpack001/16b51224239d3671b1af3e8f2656a2ad1e7f5fb9acb09111a95461338a841b49
unpack001/2727dde7418284bd2b16a032346a9c6921cbfb5e950ad21c9468792b71ee3898
unpack002/2001.exe
unpack001/48493bb68bc1062b11cc505e444db288ec6cba0c979d10a9b5a3ea775daf9420
unpack001/568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919
unpack001/57de0d2d5945db11d6c845459419a1b48a5cf415a7a0866c40b03afaec6fb4fe
unpack001/5e34ceeaf60a7cdfaeee0443a87edb92115727130323314628503dfe755b9505
unpack001/6e2db44578ff2fdcab7938517973ed9bfd3532d7b29b7798ceb9f04ed079c1ac
unpack001/75342ada938ea71dc863ee603a075a3ff7cbd759a091879f065a849650097a76
unpack001/7e623dca8a26a45440c331e383ac6ce3783d5c1bd60b91ee91ce0cc5841633e2
unpack001/87f2db714eac44b77889c850b8b6b55e2b117c88ac8f8923b47ac89fecadab7e
unpack001/8dcb1af1e7886834252394e9710ee72b9bfa910779c4ea041831d0622efa85b0
unpack001/92bc1be719ed7048d662f0ae4cacad5ec1ef1968b050e70ff75ac1ac669cadfe
unpack001/99a64960cdb5c24c738f33b630d0f7366035f93a4a6b323f35473b41b152972e
unpack001/ac14ef9548440238b903dc11480d653f83badc99392758da3fa90a1127d86313
unpack001/b2c5270c52c0301d23cba9a74dd04f48518feaf5383f03f83363350d9c2edf3e
unpack001/bd7203d56f0510e02fcda079f2cd00c51c6a6ad00841feef79100d553021f42c
unpack001/c078234a3045b53c2d6e970f03031950cfc001a23aed349c6a7a7c10aacaaed5
unpack001/d0d2c7f86abb7272c1fd2b70ecd9c10265508eec7b07917dcba3cf82c349589d
unpack001/db3529a2d96f82af48dd8b93615cf89ee5e0c9fe84d70222b30adcb947602881
unpack001/dc4840a0992b218cbedd5a7ac5c711cb98f1f9e78a8ffdea37c694061dfd34c6
unpack001/eeb492aeda18188a720c1512f0c8e0f68d9f89b7d80c16054187241d05966ffb

Files

samples (2) (3).zip
.zip
100b8bfff550fb74c98a2ef9a71d4bb53553d2d7ba509bb451fe32814ec57e48
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
16b51224239d3671b1af3e8f2656a2ad1e7f5fb9acb09111a95461338a841b49
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2727dde7418284bd2b16a032346a9c6921cbfb5e950ad21c9468792b71ee3898
.exe windows:4 windows x86 arch:x86

9bc73f90cc888e6d72c4148aed909387

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
InitializeCriticalSection
VirtualLock
SetThreadPriority
GetFullPathNameW
GetUserDefaultUILanguage
GetCommandLineW
GetTimeZoneInformation
CreateThread
SetFilePointer
GetStartupInfoA
GetCurrentProcess
GetLocalTime
GetProcAddress
DuplicateHandle
GlobalUnlock
GetProfileIntW
GetSystemDirectoryW
GetModuleHandleA
Sleep
TerminateThread
SuspendThread

user32

IsCharAlphaNumericW
SystemParametersInfoA
SetWindowPlacement
EnableWindow
GetMenuItemCount
GetMenuStringW
GetMenuItemID
SetRectEmpty
GetWindowRgn
GetKeyNameTextW
GetSubMenu
GetShellWindow
ToUnicode
InsertMenuItemW
DeleteMenu
ToAscii
GetDlgItem
SystemParametersInfoW
GetAncestor
FindWindowW
CreateMenu
GetMenuContextHelpId
HiliteMenuItem
GetDlgItemTextW
OpenIcon
PostThreadMessageW
GetSystemMenu
IsWindowVisible
DestroyMenu
EnumPropsW
LoadIconW
IsDlgButtonChecked
SendDlgItemMessageA
SetMenuInfo
InvalidateRect

gdi32

CreateEllipticRgnIndirect
GetFontLanguageInfo
CreatePolyPolygonRgn
SetColorAdjustment

advapi32

RegDeleteKeyW
CryptHashSessionKey
CryptEnumProvidersW
CryptContextAddRef
DuplicateToken
CryptGetProvParam
GetUserNameW
RegLoadKeyW
CryptSetHashParam
CryptImportKey
RegGetKeySecurity
CryptSetKeyParam
RegConnectRegistryW
CryptDestroyHash
CryptDeriveKey

ole32

OleDuplicateData
StringFromGUID2
WriteClassStg
CoTaskMemAlloc
CreateBindCtx
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CLSIDFromString
CLSIDFromProgID
StringFromCLSID
CoTreatAsClass
CoCreateInstance
ReleaseStgMedium
SetConvertStg
CoDisconnectObject
CoTaskMemFree
OleRegGetUserType

comdlg32

ChooseFontW

shell32

ExtractIconW
DragFinish
SHGetFileInfoW

shlwapi

PathRemoveExtensionW

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
29dd920ac1453b5be12fcef5af45690dbbe625e985f6692e237a057e832937e5
.zip
2001.exe
.exe windows:6 windows x86 arch:x86

65f731597048104980e8041a141b37d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PostQueuedCompletionStatus
GetLogicalDrives
GetCurrentProcess
TerminateProcess
CreateMutexA
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
Sleep
OpenMutexA
Process32NextW
GetCurrentThread
Process32FirstW
GetThreadContext
FindClose
GetTickCount
IsDebuggerPresent
CheckRemoteDebuggerPresent
GetQueuedCompletionStatus
GetSystemInfo
CreateThread
CreateIoCompletionPort
WriteConsoleW
GetConsoleMode
FindNextFileW
FindFirstFileW
GetProcessHeap
MoveFileExW
SetFilePointerEx
HeapAlloc
GetLastError
SetFileAttributesW
GetFileAttributesW
HeapFree
GetFileSizeEx
ReadFile
WideCharToMultiByte
GetConsoleCP
FlushFileBuffers
GetModuleHandleW
CloseHandle
HeapReAlloc
HeapSize
MultiByteToWideChar
CreateFileW
GetUserDefaultLocaleName
CreateProcessA
WriteFile
GetStringTypeW
SetStdHandle
GetFileType
DecodePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
LCMapStringW

user32

LoadStringW

advapi32

ControlService
CryptImportKey
CryptGenRandom
CryptEncrypt
CryptAcquireContextW
CryptDestroyKey
QueryServiceStatusEx
CloseServiceHandle
OpenSCManagerW
CryptReleaseContext
EnumDependentServicesW
OpenServiceW

shell32

SHEmptyRecycleBinW

crypt32

CryptStringToBinaryA

mpr

WNetGetConnectionW

iphlpapi

IcmpCloseHandle
GetAdaptersInfo
IcmpCreateFile
IcmpSendEcho

netapi32

NetShareEnum
NetDfsEnum
NetApiBufferFree

ws2_32

getnameinfo
WSACleanup
WSAStartup
inet_addr
htons

rstrtmgr

RmStartSession
RmShutdown
RmEndSession
RmGetList
RmRegisterResources

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3c5ffe21fd24c4daf62f5190d96e65bf7a25232ef9ec956a77db910e90750017
.js
48493bb68bc1062b11cc505e444db288ec6cba0c979d10a9b5a3ea775daf9420
.exe windows:5 windows x86 arch:x86

ba2ce247fa49357770ce28f139e2f1ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointerEx
CloseHandle
lstrlenW
CreateFileW
HeapCreate
GetCurrentProcess
ExitProcess
CreateThread
GetCurrentThread
SetThreadPriority
WaitForMultipleObjects
Sleep
GetLogicalDrives
SetFilePointer
FindClose
lstrcmpiA
lstrcmpiW
lstrcpyA
ReadFile
lstrcatW
GetModuleFileNameW
CreateProcessW
GetEnvironmentVariableW
GetDriveTypeA
GetTempPathW
GetTempFileNameW
SetFileAttributesW
GetFileAttributesW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileExW
SetPriorityClass
MultiByteToWideChar
WideCharToMultiByte
CompareStringA
WriteFile
GetFileSizeEx
GetLastError
lstrlenA
GetProcessHeap
HeapFree
HeapReAlloc
lstrcpyW
HeapAlloc

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW

shell32

SHChangeNotify
ShellExecuteExW

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW

ntdll

_aulldiv
_alldiv
_allrem
_chkstk
RtlUnwind
NtQueryVirtualMemory

Sections

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919
.exe windows:4 windows x86 arch:x86

5777b684a0736f7ae30b177389354662

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetProcAddress
GetModuleHandleA
GetSystemTime
CreateThread
SetLastError
GlobalFindAtomW
GetSystemInfo
MoveFileWithProgressW
GlobalAddAtomW
LocalAlloc
FindFirstFileExW
ReleaseMutex
GetSystemDefaultLCID
Sleep
GetCommandLineW
SetComputerNameW
GetVersionExA
FindFirstFileW
GetVersionExW
GetFileTime
RaiseException
FatalAppExitA
DisconnectNamedPipe
CreateMutexW
GlobalReAlloc
HeapFree
OutputDebugStringW
GetVersion

user32

FillRect
RedrawWindow
GetWindowModuleFileNameW
CopyRect
ScreenToClient
KillTimer
GetWindowDC
wsprintfW
GetClipboardFormatNameW
GetMenuCheckMarkDimensions
SetWindowTextW
ShowScrollBar
GetCaretPos
LoadBitmapW
GetWindowTextW
CheckMenuItem
CreatePopupMenu
SetScrollInfo
GetNextDlgGroupItem
CharLowerW
GetWindowLongW
LoadKeyboardLayoutW
EndDialog
GetCursorFrameInfo
DrawFrame
GetDlgItemTextW
DestroyMenu
MenuWindowProcW
LoadCursorW
FrameRect
GetSysColorBrush
DestroyWindow

gdi32

PatBlt
GetPolyFillMode
StrokePath
SetTextCharacterExtra
CloseEnhMetaFile
GetCharABCWidthsFloatW
SetPaletteEntries
GetCharWidthFloatW
IntersectClipRect
CreateCompatibleBitmap
CreateEllipticRgn
GetWindowOrgEx
GetViewportOrgEx
CreateBitmapIndirect
SaveDC
GdiComment

advapi32

SetSecurityDescriptorOwner
RegConnectRegistryW
CryptGetKeyParam
IsValidSecurityDescriptor
RegGetKeySecurity
RegQueryValueW
CryptDeriveKey
RegFlushKey

ole32

CreateBindCtx
SetConvertStg
ReadClassStg

shell32

ExtractIconW
SHGetFileInfoW
DragFinish
DragAcceptFiles

shlwapi

PathIsUNCW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW

comdlg32

ChooseFontW
GetOpenFileNameW

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
57de0d2d5945db11d6c845459419a1b48a5cf415a7a0866c40b03afaec6fb4fe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5e34ceeaf60a7cdfaeee0443a87edb92115727130323314628503dfe755b9505
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6e2db44578ff2fdcab7938517973ed9bfd3532d7b29b7798ceb9f04ed079c1ac
.exe windows:4 windows x86 arch:x86

375978e5ed0017e44650ec97cc3b9a7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAddAtomW
SleepEx
GetProcAddress
FindClose
ReadFile
GetModuleHandleA
LCMapStringW
GetDateFormatA
SetEnvironmentVariableW
GetOEMCP
HeapFree
GetShortPathNameW
GetUserDefaultLCID
CreateDirectoryExW
lstrcmpW
Sleep
GlobalDeleteAtom
VirtualQuery
GetConsoleOutputCP
CreateThread
QueryPerformanceCounter
MulDiv
OpenEventW
MoveFileWithProgressW
GetCommandLineW
UnmapViewOfFile
GlobalFree
GetLocaleInfoW
LoadResource
GetStringTypeExW
GetConsoleMode
InterlockedCompareExchange
VirtualProtect

user32

GetSysColorBrush
GetSystemMenu
DrawAnimatedRects
GetParent
EnumPropsW
IsWindowEnabled
GetDlgCtrlID
GetWindowRgn
OpenClipboard
GetMenu
SetClipboardViewer
BeginDeferWindowPos
DefDlgProcW
UnregisterClassW
ChangeClipboardChain
TabbedTextOutW
HiliteMenuItem
WindowFromPoint
GetShellWindow
GetCapture
AdjustWindowRectEx
InsertMenuItemW
GetClipboardFormatNameW
GetClassNameW
GetWindowModuleFileNameW
GetDialogBaseUnits
ShowScrollBar
LockWindowUpdate
BeginPaint
GetMessagePos
SetMenuContextHelpId
IsWindowVisible
GetKeyNameTextW
SetMenu

ole32

ReadClassStg
CLSIDFromString
CoCreateInstance
StringFromCLSID
StringFromGUID2
CreateBindCtx
CLSIDFromProgID
WriteFmtUserTypeStg
CoDisconnectObject
ReleaseStgMedium
CoTaskMemFree
OleRegGetUserType
SetConvertStg
CoTaskMemAlloc
WriteClassStg
ReadFmtUserTypeStg
OleDuplicateData

gdi32

CreatePenIndirect
GetAspectRatioFilterEx
GetOutlineTextMetricsW
Polygon
EndDoc
CreateDCW
GetBitmapBits
GetROP2

advapi32

IsValidSid
RegOpenKeyW
CryptSetKeyParam
CryptEncrypt
RegConnectRegistryW
RegEnumKeyW
RegCreateKeyExW

shell32

ExtractIconW
SHGetFileInfoW
DragAcceptFiles

shlwapi

PathFindFileNameW
PathRemoveExtensionW
PathIsUNCW
PathFindExtensionW

comdlg32

GetSaveFileNameW
ChooseFontW

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
75342ada938ea71dc863ee603a075a3ff7cbd759a091879f065a849650097a76
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7e623dca8a26a45440c331e383ac6ce3783d5c1bd60b91ee91ce0cc5841633e2
.exe windows:5 windows x86 arch:x86

5e1bececbc581dac5bc5d9160c0fdb2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetMailslotInfo
ExitThread
GetStartupInfoW
GetLastError
GetCurrentDirectoryW
GetProcAddress
LocalAlloc
AddAtomA
FindAtomA
FindAtomW
LoadLibraryW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
FindResourceExA
GetEnvironmentStrings
GetSystemTimes
EnumTimeFormatsW
GetTickCount
GetComputerNameW
WriteConsoleOutputCharacterW
FindFirstChangeNotificationW
LocalFree
ExitProcess
MultiByteToWideChar
SetFilePointer
SetStdHandle
HeapReAlloc
HeapAlloc
GetModuleHandleW
Sleep
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
DeleteCriticalSection
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CloseHandle
CreateFileA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetModuleHandleA
GetConsoleCP
GetConsoleMode
FlushFileBuffers

user32

EndPaint
SetParent
GetMenu
RegisterClassExW
GetAltTabInfoA
SetProcessDefaultLayout
DlgDirSelectExA

gdi32

CreateCompatibleBitmap
SetViewportExtEx
CreateDiscardableBitmap

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
87f2db714eac44b77889c850b8b6b55e2b117c88ac8f8923b47ac89fecadab7e
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8dcb1af1e7886834252394e9710ee72b9bfa910779c4ea041831d0622efa85b0
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 155B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
92bc1be719ed7048d662f0ae4cacad5ec1ef1968b050e70ff75ac1ac669cadfe
.exe windows:6 windows x86 arch:x86

408139bd668308134c506a465d16c642

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptStringToBinaryW
CryptBinaryToStringW

shlwapi

StrStrIW
PathIsUNCW
PathFindExtensionW

rstrtmgr

RmStartSession
RmEndSession
RmGetList
RmRegisterResources

mpr

WNetGetConnectionW

kernel32

QueryDosDeviceW
GetLogicalDrives
FindFirstVolumeW
SetVolumeMountPointW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
DeleteVolumeMountPointW
FindNextVolumeW
GetDriveTypeW
ReadFile
CloseThreadpool
CreateThreadpool
FindFirstFileExW
FindNextFileW
WriteFile
FindClose
CreateFileW
SetThreadpoolThreadMinimum
SetFileAttributesW
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SetThreadpoolThreadMaximum
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
GetWindowsDirectoryW
SetFilePointerEx
lstrcmpiW
MoveFileW
GetLastError
SizeofResource
GetCurrentProcess
AssignProcessToJobObject
TerminateProcess
InitializeProcThreadAttributeList
CreatePipe
PeekNamedPipe
WaitForSingleObject
OpenProcess
MultiByteToWideChar
UpdateProcThreadAttribute
LockResource
LoadResource
FindResourceW
GetCurrentProcessId
CreateProcessW
GetModuleHandleW
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
GetFileAttributesExW
GetExitCodeProcess
CreateJobObjectW
SetInformationJobObject
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
WriteConsoleW
DecodePointer
CloseHandle
CreateThreadpoolWork
GetFileType
LocalFree
FormatMessageA
GetLocaleInfoEx
RaiseException
WaitForSingleObjectEx
GetCurrentThreadId
GetNativeSystemInfo
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CloseThreadpoolWork
GetModuleHandleExW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
InitOnceComplete
InitOnceBeginInitialize
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
RtlUnwind
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW

user32

GetWindowThreadProcessId
RegisterWindowMessageW
GetShellWindow

advapi32

CryptGenRandom
RegSetValueExW
OpenProcessToken
GetTokenInformation
CryptDestroyKey
CryptGetKeyParam
CryptAcquireContextW
CryptEncrypt
RegGetValueW
CryptExportKey
CryptImportKey
CryptGenKey
CryptReleaseContext
RegCloseKey
RegCreateKeyExW

shell32

SHEmptyRecycleBinW

ole32

CoGetObjectContext
CoGetApartmentType

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
99a64960cdb5c24c738f33b630d0f7366035f93a4a6b323f35473b41b152972e
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ac14ef9548440238b903dc11480d653f83badc99392758da3fa90a1127d86313
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b23649995f0e38fd0d8ac8c4d7462e36ac5f7ff86762fb15ec2b332a8df5a087
.js
b2c5270c52c0301d23cba9a74dd04f48518feaf5383f03f83363350d9c2edf3e
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bd7203d56f0510e02fcda079f2cd00c51c6a6ad00841feef79100d553021f42c
.exe windows:4 windows x86 arch:x86

55987a431e619a936b03bdae679cd0a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueW
LookupAccountNameW
InitializeSecurityDescriptor
AdjustTokenPrivileges
QueryServiceStatus
OpenServiceA
OpenSCManagerA
EnumDependentServicesA
ControlService
CloseServiceHandle
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
BuildTrusteeWithSidW

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
UnregisterClassA
TranslateMessage
ShowWindow
SetTimer
SetMenu
SendMessageW
SendMessageA
RegisterHotKey
RegisterClassA
PeekMessageA
MsgWaitForMultipleObjects
MoveWindow
ModifyMenuA
MessageBoxA
LoadStringA
LoadCursorA
KillTimer
GetWindowRect
GetWindowLongA
GetSystemMetrics
GetMessageA
EnableWindow
DispatchMessageA
DefWindowProcA
CreatePopupMenu
CreateMenu
CharNextW
CharLowerBuffW
AppendMenuA
CharNextA
CharLowerBuffA
CharUpperBuffA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteFile
WaitForSingleObject
VirtualQuery
TerminateThread
TerminateProcess
SetThreadPriority
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesW
SetEvent
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
QueryDosDeviceA
OpenProcess
MoveFileExW
LocalFree
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalHandle
GlobalLock
GlobalFree
GlobalAlloc
GetVersionExA
GetTickCount
GetThreadLocale
GetSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLogicalDriveStringsA
GetLocaleInfoW
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetEnvironmentVariableA
GetDriveTypeW
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DuplicateHandle
DeleteFileW
DeleteFileA
DeleteCriticalSection
CreateProcessA
CreatePipe
CreateMutexW
CreateFileW
CreateFileA
CreateEventA
CreateDirectoryW
CopyFileW
CompareStringW
CompareStringA
CloseHandle
Sleep
FindVolumeClose
SetVolumeMountPointW
GetVolumePathNamesForVolumeNameW
FindNextVolumeW
FindFirstVolumeW

gdi32

DeleteObject
CreateFontA

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

wininet

InternetReadFile
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
HttpAddRequestHeadersA

comctl32

InitCommonControls

shell32

ShellExecuteW
DragQueryFileW
DragAcceptFiles

ntdll

NtQueryObject
NtQuerySystemInformation

netapi32

NetShareEnum

comdlg32

GetOpenFileNameW

secur32

GetUserNameExW

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
c078234a3045b53c2d6e970f03031950cfc001a23aed349c6a7a7c10aacaaed5
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d0d2c7f86abb7272c1fd2b70ecd9c10265508eec7b07917dcba3cf82c349589d
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
db3529a2d96f82af48dd8b93615cf89ee5e0c9fe84d70222b30adcb947602881
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dc4840a0992b218cbedd5a7ac5c711cb98f1f9e78a8ffdea37c694061dfd34c6
.exe windows:6 windows x86 arch:x86

4888d68c12fa3e39afa09d6f1d249632

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptStringToBinaryW
CryptBinaryToStringW

shlwapi

PathFindExtensionW
StrStrIW

rstrtmgr

RmEndSession
RmStartSession
RmRegisterResources
RmGetList

kernel32

GetModuleHandleW
QueryDosDeviceW
GetLogicalDrives
FindFirstVolumeW
SetVolumeMountPointW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
DeleteVolumeMountPointW
FindNextVolumeW
GetDriveTypeW
ReadFile
CloseThreadpool
CreateThreadpool
FindFirstFileExW
FindNextFileW
WriteFile
CreateMutexW
FindClose
CreateFileW
SetThreadpoolThreadMinimum
SetFileAttributesW
LoadResource
CloseThreadpoolCleanupGroupMembers
SetThreadpoolThreadMaximum
CloseHandle
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
SetFilePointerEx
GetConsoleWindow
lstrcmpiW
MoveFileW
CreateThreadpoolWork
TerminateProcess
WaitForSingleObject
OpenProcess
MultiByteToWideChar
GetCurrentProcessId
WideCharToMultiByte
GetStringTypeW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
LockResource
GetLastError
GetEnvironmentVariableW
GetModuleFileNameW
SizeofResource
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
WriteConsoleW
DecodePointer
FindResourceW
CloseThreadpoolCleanupGroup
GetCPInfo
GetOEMCP
GetACP
LocalFree
FormatMessageA
GetLocaleInfoEx
RaiseException
WaitForSingleObjectEx
Sleep
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CloseThreadpoolWork
GetModuleHandleExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetProcAddress
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
QueryPerformanceCounter
QueryPerformanceFrequency
InitOnceBeginInitialize
InitOnceComplete
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
GetCurrentProcess
RtlUnwind
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
ExitProcess
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
GetFileSizeEx
IsValidCodePage

user32

RegisterWindowMessageW
GetAsyncKeyState
IsWindowVisible
ShowWindow

advapi32

CryptExportKey
RegSetValueExW
CryptDestroyKey
CryptGetKeyParam
CryptAcquireContextW
CryptEncrypt
CryptGenRandom
RegGetValueW
CryptImportKey
CryptGenKey
CryptReleaseContext
RegCloseKey
RegCreateKeyExW

shell32

SHEmptyRecycleBinW
ShellExecuteW

ole32

CoGetObjectContext
CoGetApartmentType

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eeb492aeda18188a720c1512f0c8e0f68d9f89b7d80c16054187241d05966ffb
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 306KB - Virtual size: 305KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 107KB - Virtual size: 106KB

.rsrc Size: 99KB - Virtual size: 98KB

.reloc Size: 512B - Virtual size: 12B

9bc73f90cc888e6d72c4148aed909387

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

comdlg32

shell32

shlwapi

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 20KB - Virtual size: 20KB

65f731597048104980e8041a141b37d6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

crypt32

mpr

iphlpapi

netapi32

ws2_32

rstrtmgr

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 12KB - Virtual size: 12KB

ba2ce247fa49357770ce28f139e2f1ab

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

ntdll

Sections

.rdata Size: 52KB - Virtual size: 52KB

5777b684a0736f7ae30b177389354662

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

.text
Size: 306KB - Virtual size: 305KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 107KB - Virtual size: 106KB

.rsrc
Size: 99KB - Virtual size: 98KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 20KB - Virtual size: 20KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 12KB - Virtual size: 12KB

.rdata
Size: 52KB - Virtual size: 52KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 23KB - Virtual size: 22KB

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 99KB - Virtual size: 98KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 32KB - Virtual size: 32KB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 21KB - Virtual size: 20KB

.text
Size: 164KB - Virtual size: 163KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 152KB - Virtual size: 152KB

.rdata
Size: 18KB - Virtual size: 18KB