54946ac0e6aa2b3ff89c58974016e1f9

Sharing

Copy URL Twitter E-mail

General

Target

54946ac0e6aa2b3ff89c58974016e1f9
Size

1.8MB
MD5

54946ac0e6aa2b3ff89c58974016e1f9
SHA1

0cf733bc3aa6fe33866d691196e6263f3ea163c5
SHA256

cf29411c1095fc513b183610b48425ed0a057a7ccd0a768bacb3a562cc09cb9b
SHA512

2000de503c0cb425ab23cf9642e503e706955a2ac5105a4f6386bb1919cda13d7448e437c5b5e6ccc637f38fae8c7a070dc9767e37597432bd5640037adff015
SSDEEP

49152:XBWt//Ml24TGTE9Dps9VZjhnOOMZ0pmFA:Xkt//k24TGI9FqpNWBFA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$TEMP/kssetup.exe	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
54946ac0e6aa2b3ff89c58974016e1f9
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/rfshdktp.dll
unpack001/$TEMP/kssetup.exe
unpack002/out.upx
unpack001/Swift.exe
unpack001/UnInst.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/UnInst.exe	nsis_installer_1
static1/unpack001/UnInst.exe	nsis_installer_2

Files

54946ac0e6aa2b3ff89c58974016e1f9
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0/SharedAccount/Config/Config.ini
$0/SharedAccount/Config/MxSpeedDial/SpeedDial.ini
$0/SharedAccount/Config/ui.xml
.xml
$0/SharedAccount/data/Dynamic.ini
$0/SharedAccount/data/a1dc23.ini
$0/SharedAccount/data/history2.dat
$0/SharedAccount/data/mbookmark.xml
$0/config/ss.dat
$0/template/page/unsafe/pg_unsafe.htm
.html
$APPDATA/SogouExplorer/CommCfg.xml
.xml
$APPDATA/SogouExplorer/Config.xml
.xml
$APPDATA/SogouExplorer/Favorite2.dat
$APPDATA/SogouExplorer/HistoryUrl.db
$APPDATA/SogouExplorer/Misc.db
$APPDATA/SogouExplorer/Openpage.xml
.xml
$APPDATA/SogouExplorer/UserId.enc
$APPDATA/SogouExplorer/configlocal.xml
.xml
$APPDATA/Tencent/TencentTraveler/100/TtConf.dat
$FAVORITES/favorder3.dat
$FAVORITES//favorder3.dat
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/rfshdktp.dll
.dll windows:4 windows x86 arch:x86

042f3c184e7c0923b6325ab1dc09aed7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SHGetSpecialFolderLocation
SHChangeNotify

Exports

Exports

refreshDesktop

Sections

.text
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Windows Media Player/IE6.ico
$PROGRAMFILES/Windows Media Player/IE8.ico
$TEMP/kssetup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Swift.exe
.exe windows:5 windows x86 arch:x86

9a977a9603825ac45cc9feb9e10c925b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
GetCurrentDirectoryA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
VirtualFree
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
SetUnhandledExceptionFilter
HeapSize
VirtualQuery
VirtualAlloc
VirtualProtect
CreateThread
ExitThread
GetFileType
SetStdHandle
HeapReAlloc
RaiseException
GetDriveTypeW
HeapFree
HeapAlloc
ExitProcess
GetSystemTimeAsFileTime
RtlUnwind
GetStartupInfoW
SetErrorMode
GetCurrentDirectoryW
GetTempFileNameW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
FindResourceExW
LocalSize
OpenProcess
lstrcpynW
EnumResourceTypesW
EnumResourceNamesW
LoadLibraryExW
GetTempPathW
GetPrivateProfileSectionNamesW
GetExitCodeThread
TerminateThread
ResetEvent
GetProcessHeap
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
lstrcmpiW
GetStringTypeExW
GetFileTime
GetFileSizeEx
SetFileAttributesW
GlobalFlags
ReleaseMutex
CreateMutexW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
CreateEventW
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
GetThreadLocale
lstrlenA
lstrcmpA
GlobalGetAtomNameW
GlobalFree
GetModuleHandleA
MulDiv
FormatMessageW
LocalFree
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
WideCharToMultiByte
GetVersionExA
GlobalSize
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
GetTickCount
QueryPerformanceFrequency
GetProfileIntW
GetModuleHandleW
SetLastError
CreateSemaphoreW
UnmapViewOfFile
GetSystemInfo
GetVersionExW
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
DeleteFileW
GetPrivateProfileIntW
GetCurrentProcessId
CopyFileW
CreateFileMappingW
MapViewOfFile
CreateDirectoryW
CreateFileW
WriteFile
CloseHandle
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
GetFileAttributesW
ExpandEnvironmentStringsW
GetWindowsDirectoryW
InterlockedIncrement
QueryPerformanceCounter
lstrlenW
FindFirstFileW
FindNextFileW
FindClose
lstrcmpW
GetPrivateProfileStringW
WritePrivateProfileStringW
InterlockedDecrement
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
SetEnvironmentVariableA

user32

SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenuItemID
GetMenuItemCount
MessageBoxW
GetWindowThreadProcessId
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
CreateWindowExW
GetClassInfoExW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowLongW
ReleaseDC
GetDC
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
BeginPaint
EndPaint
SetWindowLongW
SetWindowPos
InflateRect
IsDialogMessageW
SetWindowTextW
MoveWindow
IsWindowEnabled
SetMenu
GetActiveWindow
GetKeyNameTextW
LoadAcceleratorsW
TranslateAcceleratorW
EnableWindow
DrawIconEx
LoadImageW
CopyRect
SendMessageW
LoadIconW
IsWindow
PostMessageW
GetClientRect
GetWindow
ReleaseCapture
GetKeyState
SendMessageTimeoutW
RegisterHotKey
SetPropW
GetClassInfoW
UnregisterHotKey
GetSystemMetrics
GetCursorPos
IsWindowVisible
keybd_event
MapVirtualKeyW
SetRect
OffsetRect
CreatePopupMenu
AppendMenuW
GetSubMenu
InsertMenuW
LoadMenuW
IsZoomed
GetWindowRect
ClientToScreen
ScreenToClient
RedrawWindow
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
BringWindowToTop
TranslateMDISysAccel
SetRectEmpty
InsertMenuItemW
SetCursor
DestroyMenu
ReuseDDElParam
UnpackDDElParam
SystemParametersInfoW
DrawIcon
SetWindowRgn
SetTimer
KillTimer
CharNextW
ValidateRect
GetMenuItemInfoW
PostQuitMessage
ShowOwnedPopups
MapDialogRect
GetDCEx
PostThreadMessageW
MessageBeep
GetNextDlgGroupItem
DestroyIcon
InvalidateRgn
CopyAcceleratorTableW
UnionRect
SetParent
GetSystemMenu
DeleteMenu
CharUpperW
UnregisterClassW
GetSysColorBrush
WaitMessage
RegisterClipboardFormatW
GetMenuStringW
WindowFromPoint
GetParent
GetFocus
RegisterWindowMessageW
wsprintfW
GetLastActivePopup
SetForegroundWindow
ShowWindow
IsIconic
GetPropW
GetDesktopWindow
UpdateWindow
PtInRect
LoadBitmapW
GetAsyncKeyState
SetWindowContextHelpId
SetMenuDefaultItem
GetTabbedTextExtentA
EnumWindows
GetClipboardFormatNameW
GetCursor
DrawEdge
GetDoubleClickTime
LookupIconIdFromDirectoryEx
IsWindowUnicode
GetWindowLongA
SetWindowLongA
GetKeyboardLayout
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayoutList
GetKeyboardState
ToUnicodeEx
SetCursorPos
EmptyClipboard
SetClipboardData
CreateIconFromResourceEx
CreateIconIndirect
CopyIcon
GetIconInfo
DrawStateW
GetMenuDefaultItem
HideCaret
ShowCaret
IsMenu
GetWindowRgn
DrawFocusRect
DrawFrameControl
InvertRect
IsClipboardFormatAvailable
EnumChildWindows
FindWindowExW
LockWindowUpdate
SetClassLongW
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
InvalidateRect
SetCapture
IsRectEmpty
IntersectRect
CloseClipboard
GetClipboardData
OpenClipboard
GetWindowPlacement
SystemParametersInfoA

gdi32

LineTo
MoveToEx
SelectClipRgn
GetClipRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
Escape
SetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
IntersectClipRect
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateCompatibleDC
GetStockObject
SelectPalette
CreatePen
CreateSolidBrush
CopyMetaFileW
SetMapMode
CreateEllipticRgn
LPtoDP
Ellipse
GetBkColor
GetTextColor
GetTextExtentPoint32W
GetTextMetricsW
GetCharWidthW
CreateFontW
StretchDIBits
GetRgnBox
ExcludeClipRect
SetStretchBltMode
SetBkMode
RestoreDC
SaveDC
DPtoLP
CreatePatternBrush
PatBlt
GetMapMode
GetDeviceCaps
CombineRgn
SetRectRgn
CreateRectRgn
Polygon
StretchBlt
SetPixel
GetCurrentObject
CreateDIBSection
PtInRegion
Rectangle
GetDIBits
EnumFontFamiliesExW
CreatePolygonRgn
RoundRect
ExtCreateRegion
Polyline
GetViewportOrgEx
GetBitmapBits
ExtFloodFill
OffsetRgn
CreatePalette
CreateDIBitmap
SetBrushOrgEx
GetTextAlign
GetTextExtentPoint32A
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
BeginPath
CreateFontIndirectW
ExtTextOutW
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetWindowOrgEx
CreateRectRgnIndirect
SelectObject
CreateCompatibleBitmap
OffsetViewportOrgEx
DeleteObject

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegDeleteKeyW
RegCreateKeyW
RegDeleteValueW
RegEnumKeyW
RegQueryValueW
RegSetValueExW

shell32

DragQueryFileW
DragFinish
DragAcceptFiles
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Destroy
PropertySheetW
FlatSB_GetScrollProp
ImageList_GetBkColor
ImageList_DrawIndirect
ImageList_GetImageInfo

shlwapi

PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
UrlUnescapeW

oledlg

OleUIBusyW
OleUIAddVerbMenuW

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoDisconnectObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromProgID
CoInitializeEx
CLSIDFromString
OleDuplicateData
CoRevokeClassObject
CoTaskMemAlloc
OleIsCurrentClipboard
ReleaseStgMedium
OleFlushClipboard
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
CoRegisterMessageFilter
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard

oleaut32

OleLoadPicturePath
LoadTypeLi
OleCreateFontIndirect
VarDateFromStr
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SysStringLen
VariantCopy
VariantChangeType
VariantClear
SysStringByteLen
SysAllocStringByteLen
VariantInit
SysFreeString
SysAllocString
GetErrorInfo
VarUdateFromDate
VariantChangeTypeEx

wsock32

WSASetLastError
WSAStartup
WSACleanup

gdiplus

GdipCreatePen1
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawLineI
GdipDrawString
GdipMeasureString
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromHICON
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdiplusStartup
GdiplusShutdown
GdipDrawImagePointRectI
GdipGetImageHeight
GdipDeletePen
GdipGetImageWidth

wininet

InternetGetLastResponseInfoW
InternetOpenW
InternetSetStatusCallbackW
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetOpenUrlW
GetUrlCacheEntryInfoW
InternetSetOptionW
DeleteUrlCacheEntryW
InternetCrackUrlW
InternetCloseHandle
InternetQueryDataAvailable
InternetQueryOptionW
InternetCanonicalizeUrlW

winmm

PlaySoundW

imagehlp

ImageDirectoryEntryToData

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UnInst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 18KB - Virtual size: 18KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

042f3c184e7c0923b6325ab1dc09aed7

Headers

File Characteristics

Imports

shell32

Exports

Exports

Sections

.text Size: 512B - Virtual size: 84B

.rdata Size: 512B - Virtual size: 206B

.data Size: - Virtual size: 20B

.reloc Size: 512B - Virtual size: 48B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 36KB

UPX1 Size: 39KB - Virtual size: 40KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 56KB - Virtual size: 55KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 18KB - Virtual size: 18KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 512B - Virtual size: 84B

.rdata
Size: 512B - Virtual size: 206B

.data
Size: - Virtual size: 20B

.reloc
Size: 512B - Virtual size: 48B

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 39KB - Virtual size: 40KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 56KB - Virtual size: 55KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 428KB - Virtual size: 427KB

.data
Size: 39KB - Virtual size: 61KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 18KB - Virtual size: 18KB