43ffae0c9911294bda931fcf32541e61

Sharing

Copy URL Twitter E-mail

General

Target

43ffae0c9911294bda931fcf32541e61
Size

2.1MB
MD5

43ffae0c9911294bda931fcf32541e61
SHA1

2491ed28e851acdf372a45ebdcc31c155d760501
SHA256

52f29caafa49148829fe8576ce104f71519e9d09d535ba2c6d77120ff93e0d40
SHA512

d5740380980f5e371d78c0e74296c2fd5a22f15c0929358a6002223a4a4c22a302c7b0dcfb760cb471025f8bfcb57d8226628e4ff90bfdf9b2f7325107f01666
SSDEEP

49152:f0jxDjpiPZKi+RwSSOFIgMM8fKRRDSbvSJIJV8SHhzLP7c0Y:fUKNSShvfKjSbvSo7zLD6

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FZG_DR/MSSTDFMT.DLL
unpack001/FZG_DR/MapleStory.exe
unpack001/FZG_DR/Mss33.dll
unpack001/FZG_DR/ccrpprg6.ocx
unpack001/FZG_DR/ijl15.dll
unpack001/FZG_DR/msgblst32.ocx

Files

43ffae0c9911294bda931fcf32541e61
.rar
FZG_DR/COMDLG32.OCX
.dll regsvr32 windows:4 windows x86 arch:x86

988f29c1eb8054253091352741683c76

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
GetLastError
LockResource
GetWindowsDirectoryA
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
CompareStringA
CompareStringW
lstrcmpA
GetLocaleInfoA
GetVersion
GetModuleFileNameA
GetFileAttributesA
IsBadWritePtr
DisableThreadLibraryCalls
GlobalAlloc
lstrcmpiA
LoadLibraryA
GetProcAddress
lstrcatA
lstrlenA
lstrcpyA
WriteProfileStringA
GlobalLock
GlobalUnlock
LoadResource
FindResourceA
lstrcpynA
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
GetProfileStringA
EnterCriticalSection
GetProcessHeap
GetCurrentThreadId
MultiByteToWideChar
InitializeCriticalSection
GlobalFree

user32

SetWindowRgn
IntersectRect
EqualRect
PtInRect
IsDialogMessageA
IsChild
GetKeyState
CreateDialogIndirectParamA
MessageBeep
PostMessageA
ClientToScreen
wsprintfA
SendMessageTimeoutA
CharNextA
GetActiveWindow
GetWindowThreadProcessId
LoadCursorA
MessageBoxA
GetWindowLongA
GetWindowRect
CreateWindowExA
SetWindowLongA
ShowWindow
DialogBoxParamA
EnableWindow
GetDesktopWindow
GetWindow
IsWindowEnabled
OffsetRect
GetParent
GetDlgItem
SendMessageA
SetFocus
SetParent
SetDlgItemInt
EndPaint
SetActiveWindow
IsWindowVisible
WinHelpA
GetDlgItemInt
EndDialog
GetDlgItemTextA
DestroyWindow
SetDlgItemTextA
GetWindowTextA
GetNextDlgTabItem
SendDlgItemMessageA
RegisterClassA
GetDC
ReleaseDC
LoadIconA
DrawIcon
DestroyIcon
GetSystemMetrics
RegisterWindowMessageA
LoadStringA
DefWindowProcA
UnregisterClassA
GetClientRect
BeginPaint
RegisterClipboardFormatA
SetWindowPos
MoveWindow

ole32

CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
ReleaseStgMedium

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

LoadRegTypeLi
OleCreatePropertyFrame
SetErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
OleLoadPicture
VariantChangeType
RegisterTypeLi
VariantInit
GetErrorInfo
VariantClear
SysStringLen
SysAllocStringLen
OleTranslateColor
SysFreeString
SysAllocString
CreateErrorInfo

comdlg32

CommDlgExtendedError
PrintDlgA
ChooseFontA
ChooseColorA
GetOpenFileNameA
GetSaveFileNameA

gdi32

GetDIBits
CreateCompatibleDC
CreateBitmap
GetSystemPaletteEntries
StretchDIBits
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
LPtoDP
SetViewportExtEx
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
CreateDCA
GetObjectA
EnumFontFamiliesA
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FZG_DR/Call.wav
FZG_DR/GM.wav
FZG_DR/Item1.txt
FZG_DR/Item2.txt
FZG_DR/Item3.txt
FZG_DR/Item4.txt
FZG_DR/MSSTDFMT.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

76114d56c8c1282d8a004aefa0d9031b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetLocaleInfoW
FreeLibrary
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
GetVersion
GetFileAttributesA
lstrcatA
GetModuleFileNameA
IsDBCSLeadByte
MultiByteToWideChar
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
GetLastError
LockResource
LoadResource
FindResourceA
GetModuleHandleA
CompareStringW
LeaveCriticalSection
EnterCriticalSection
EnumSystemLocalesA
lstrcpynA
EnumDateFormatsA
CompareStringA
lstrcmpA
EnumTimeFormatsA
lstrlenA
InterlockedIncrement
InterlockedDecrement
HeapAlloc
GetLocaleInfoA
GetProcessHeap
GetThreadLocale
HeapFree
HeapReAlloc
lstrcpyA
GetSystemTime
lstrcmpiA
WideCharToMultiByte
lstrlenW

user32

ReleaseCapture
SetCapture
CallWindowProcA
PtInRect
GetFocus
InvalidateRect
MessageBoxA
GetDlgItemTextA
GetCapture
EqualRect
ShowWindow
SetDlgItemTextA
GetWindowRect
SetParent
SetWindowLongA
CharNextA
GetDC
ReleaseDC
UnregisterClassA
DestroyWindow
GetSystemMetrics
SetWindowRgn
IntersectRect
GetActiveWindow
OffsetRect
ClientToScreen
BeginPaint
MoveWindow
SetFocus
SetWindowPos
GetClientRect
EndPaint
CreateWindowExA
GetDlgItemInt
RegisterClassA
GetWindowLongA
CreateDialogIndirectParamA
IsDlgButtonChecked
IsWindowEnabled
GetKeyState
IsChild
IsDialogMessageA
GetNextDlgTabItem
GetWindow
LoadStringA
WinHelpA
SetDlgItemInt
ScrollWindowEx
wsprintfA
SendMessageA
SendDlgItemMessageA
GetDlgItem
EnableWindow
IsWindowVisible
GetParent
DefWindowProcA

ole32

CreateOleAdviseHolder
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc

advapi32

RegDeleteKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SetErrorInfo
LoadRegTypeLi
CreateErrorInfo
UnRegisterTypeLi
LoadTypeLi
LoadTypeLibEx
SystemTimeToVariantTime
OleLoadPicture
RegisterTypeLi
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
VariantChangeType
VariantChangeTypeEx
SafeArrayDestroy
SysAllocStringLen
VariantInit
SysReAllocStringLen
SysAllocString
SysStringLen
VariantCopy
SysFreeString
VariantClear
OleCreatePropertyFrame

gdi32

SetMapMode
LPtoDP
DeleteDC
SetWindowOrgEx
SetViewportOrgEx
CreateDCA
SetViewportExtEx
GetDeviceCaps
SetWindowExtEx
GetViewportExtEx
GetWindowExtEx
CreateRectRgnIndirect

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FZG_DR/MapleStory.exe
.exe windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kaasgizg
Size: 796KB - Virtual size: 796KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jazcxghn
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FZG_DR/Mss33.dll
.dll windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

joyuowth
Size: 864KB - Virtual size: 864KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vmsqsach
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FZG_DR/bf 支援程式.reg
FZG_DR/ccrpprg6.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

92ab9dbf5fd3e3238983098cf9953d2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

MoveToEx
LineTo
Pie

msvbvm60

EVENT_SINK_GetIDsOfNames
ord582
__vbaStrI2
ord583
_CIcos
_adj_fptan
__vbaStrI4
__vbaFreeVar
__vbaCyMul
__vbaStrVarMove
__vbaAptOffset
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaLateMemSt
__vbaExitProc
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
__vbaFpR8
_CIsin
__vbaChkstk
__vbaCyVar
EVENT_SINK_AddRef
__vbaStrCmp
__vbaR4Str
__vbaCyI4
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaR8Cy
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaFPException
ord319
__vbaI2Var
ord644
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord101
ord102
__vbaI4Var
ord103
ord104
ord105
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaFPInt
_CIexp
__vbaFreeObj
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FZG_DR/ijl15.dll
.dll windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Exports

Exports

DS1
DS2
DS3
DS4
DS5

Sections

Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zfnvejaz
Size: 832KB - Virtual size: 832KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pyhqxcyy
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FZG_DR/msgblst32.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

659b67780bc832dbb1d7e427c26fde24

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3262
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3346
ord5300
ord2985
ord3081
ord2976
ord3401
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3136
ord3670
ord561
ord825
ord599
ord6354
ord1216
ord1168
ord1243
ord1227
ord823
ord1892
ord4252
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord743
ord446
ord1212
ord1226
ord4570
ord4672
ord815
ord4843
ord5265
ord4376
ord4853
ord4998
ord4713
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6371
ord4353
ord5286
ord3798
ord4837
ord4438
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3279
ord4625
ord4425
ord746
ord800
ord860
ord540
ord449
ord2278
ord2363
ord2283
ord2370
ord2288
ord6166
ord3804
ord1877
ord4249
ord2486
ord2687
ord1177
ord1210
ord2439
ord1693
ord5011
ord994
ord5199
ord2396
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2724
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord2954
ord6055
ord1776
ord2384
ord6370
ord5290
ord4441
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord6004
ord3946
ord423
ord3663
ord3571
ord3626
ord640
ord1199
ord1640
ord1641
ord1146
ord323
ord2541
ord2998
ord4949
ord641
ord324
ord2795
ord6030
ord1614
ord4502
ord2414
ord2512
ord2554
ord4486
ord6375
ord3952
ord1089
ord3922
ord5731
ord4342
ord4687
ord5618
ord2876
ord1253
ord1197
ord1577
ord1255
ord1578
ord1131
ord1132
ord1116
ord6412
ord1575
ord1182
ord1176
ord1570
ord342
ord269
ord600
ord826

msvcrt

_initterm
__CxxFrameHandler
free
??1type_info@@UAE@XZ
malloc
_adjust_fdiv
_onexit
__dllonexit
_EH_prolog

kernel32

LocalAlloc
Sleep
GetVersion
GlobalFree
GlobalAlloc
LocalFree

user32

IsWindow
CallWindowProcA
LoadBitmapA
SetWindowLongA
EnableWindow

gdi32

StretchBlt
SelectObject
CreateCompatibleDC
GetObjectA

oleaut32

LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SubClassProc

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

988f29c1eb8054253091352741683c76

Code Sign

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

comdlg32

gdi32

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 5KB - Virtual size: 5KB

76114d56c8c1282d8a004aefa0d9031b

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 3KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 8KB - Virtual size: 6KB

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

Imports

kernel32

comctl32

Sections

Size: 20KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 11KB

.idata Size: 4KB - Virtual size: 4KB

kaasgizg Size: 796KB - Virtual size: 796KB

jazcxghn Size: 4KB - Virtual size: 4KB

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

Imports

kernel32

comctl32

Sections

Size: 92KB - Virtual size: 92KB

.rsrc Size: 4KB - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

joyuowth Size: 864KB - Virtual size: 864KB

vmsqsach Size: 4KB - Virtual size: 4KB

92ab9dbf5fd3e3238983098cf9953d2f

Headers

File Characteristics

Imports

gdi32

msvbvm60

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 67KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 69KB - Virtual size: 68KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 3KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 11KB

.idata
Size: 4KB - Virtual size: 4KB

kaasgizg
Size: 796KB - Virtual size: 796KB

jazcxghn
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

joyuowth
Size: 864KB - Virtual size: 864KB

vmsqsach
Size: 4KB - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 67KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

zfnvejaz
Size: 832KB - Virtual size: 832KB

pyhqxcyy
Size: 4KB - Virtual size: 4KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 5KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 2KB - Virtual size: 2KB