56856d534caf1c707061a4b64bcaacad

Sharing

Copy URL Twitter E-mail

General

Target

56856d534caf1c707061a4b64bcaacad
Size

968KB
MD5

56856d534caf1c707061a4b64bcaacad
SHA1

6742eb7b056bbed9dff31845b4f305333ef9c090
SHA256

30bb5694f1e3e8269a9dc4458737245a90c09c4e321ccad9fb3c38206e4c6718
SHA512

66682837eed54bf5df2b982a9e45cc72c04542efa3221dfcdd9cbffdd55dff76be36822efcb08f84c31e922388b1327fbc28557088f557655c12d05ca68a5c57
SSDEEP

24576:hv0cbfryKJ+ch1zR1n8R+lMf6MfzsZCtJW5xc:N9f+KQqLnVlsfeKJWo

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ktsload.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
56856d534caf1c707061a4b64bcaacad
unpack001/ktsload.exe
unpack002/out.upx
unpack001/smsdiol.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

56856d534caf1c707061a4b64bcaacad
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ktsload.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 608KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 608KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
smsdiol.exe
.exe windows:5 windows x86 arch:x86

c23301da5f25bb24f78b014fc5bac1ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
Process32First
CreateToolhelp32Snapshot
GetModuleFileNameA
GetModuleHandleA
GetLastError
DeleteFileA
Sleep
SetFileAttributesA
CreateProcessA
WinExec
FindResourceA
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
FindClose
FindFirstFileA
SetLastError
lstrlenA
FindNextFileA
LocalFree
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
OpenEventA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GlobalSize
CopyFileA
SetEnvironmentVariableA
CompareStringW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetCurrentDirectoryA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
SetStdHandle
GetConsoleMode
GetConsoleCP
GetProcessHeap
InitializeCriticalSectionAndSpinCount
GetDriveTypeA
HeapReAlloc
HeapSize
HeapAlloc
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
IsValidCodePage
GetACP
LoadLibraryW
SetConsoleCtrlHandler
FatalAppExitA
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringW
GetFileType
WriteConsoleW
OutputDebugStringA
GetStdHandle
DebugBreak
ExitProcess
ExitThread
CreateThread
VirtualQuery
GetSystemInfo
VirtualAlloc
RaiseException
IsBadReadPtr
HeapValidate
GetStartupInfoA
GetCommandLineA
FileTimeToLocalFileTime
RtlUnwind
GetDiskFreeSpaceA
GetTempFileNameA
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesExA
GetFileTime
GetFileSizeEx
GetFileAttributesA
FindResourceExA
InterlockedExchange
GetCurrentThread
GetLocaleInfoA
ConvertDefaultLocale
EnumResourceLanguagesA
GetOEMCP
GetCPInfo
GlobalFlags
GetShortPathNameA
lstrcmpiA
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
MoveFileA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetHandleInformation
CreateEventA
SetEvent
WaitForSingleObject
GetProfileIntA
Process32Next
VirtualProtect
SuspendThread
ResumeThread
GetThreadPriority
SetThreadPriority
lstrcmpW
GetCurrentThreadId
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
FreeResource
lstrcmpA
GetThreadLocale
SystemTimeToFileTime
FileTimeToSystemTime
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
FreeLibrary
GetCurrentProcessId
CompareStringA
GetModuleFileNameW
GetModuleHandleW
LoadLibraryA
GetAtomNameA
GlobalGetAtomNameA
SetErrorMode
InterlockedIncrement
InterlockedDecrement
GetProcAddress
MultiByteToWideChar
MulDiv
GlobalFree
lstrlenW

user32

ShowScrollBar
GetNextDlgTabItem
GetNextDlgGroupItem
DlgDirSelectComboBoxExA
DlgDirSelectExA
DlgDirListComboBoxA
DlgDirListA
SetCapture
KillTimer
SetTimer
DrawCaption
DrawAnimatedRects
EnableScrollBar
RedrawWindow
LockWindowUpdate
GetDCEx
ShowOwnedPopups
IsWindowVisible
ValidateRgn
ValidateRect
InvalidateRgn
InvalidateRect
GetUpdateRgn
GetUpdateRect
UpdateWindow
GetWindowDC
EndPaint
BeginPaint
ClientToScreen
BringWindowToTop
GetWindowRgn
SetWindowRgn
ArrangeIconicWindows
IsZoomed
HiliteMenuItem
GetSystemMenu
DrawMenuBar
DragDetect
GetMenuCheckMarkDimensions
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
LoadIconA
SendDlgItemMessageA
GetClientRect
MapWindowPoints
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetWindow
GetCapture
WinHelpA
TrackPopupMenuEx
TrackPopupMenu
SetWindowPlacement
GetKeyState
GetDlgCtrlID
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
SetMenu
GetMenu
GetMessageTime
GetMessagePos
SetWindowLongA
ChildWindowFromPoint
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
RegisterWindowMessageA
EndDialog
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
UnhookWindowsHookEx
MessageBoxA
GetWindowLongA
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetWindowThreadProcessId
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
LoadCursorA
CheckMenuRadioItem
GetMenuContextHelpId
SetMenuContextHelpId
LoadMenuIndirectA
LoadMenuA
SetMenuItemBitmaps
ModifyMenuA
InsertMenuItemA
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuDefaultItem
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
DeleteMenu
CreatePopupMenu
CreateMenu
GetMenuItemID
InsertMenuA
MsgWaitForMultipleObjects
IsWindowUnicode
ScrollDC
GrayStringA
GetTabbedTextExtentA
DrawTextExA
DrawTextA
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateA
DrawIcon
InvertRect
FrameRect
FillRect
ExcludeUpdateRgn
WindowFromDC
LoadBitmapA
GetSysColorBrush
PeekMessageA
PostQuitMessage
TabbedTextOutA
PostMessageA
SendMessageA
IsWindow
MapDialogRect
RemoveMenu
IsMenu
ChildWindowFromPointEx
FindWindowA
FindWindowExA
SetParent
WindowFromPoint
FlashWindow
GetMessageW
DispatchMessageW
SubtractRect
UnionRect
InflateRect
SetRect
PtInRect
IsRectEmpty
AppendMenuA
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemCount
ChangeClipboardChain
SetClipboardViewer
OpenClipboard
GetOpenClipboardWindow
GetClipboardOwner
CreateCaret
GetClipboardViewer
GetCaretPos
SetCaretPos
HideCaret
ShowCaret
SetForegroundWindow
GetForegroundWindow
SendNotifyMessageA
SetWindowContextHelpId
GetWindowContextHelpId
PostThreadMessageA
CloseWindow
OpenIcon
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
GetAsyncKeyState
GetCursorPos
SetRectEmpty
SetCursor
ReleaseCapture
GetMessageA
TranslateMessage
GetKeyNameTextA
MapVirtualKeyA
DestroyMenu
DestroyIcon
CharUpperA
LoadAcceleratorsA
TranslateAcceleratorA
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
UnregisterClassA
GetDialogBaseUnits
GetClipboardFormatNameA
SetWindowPos
CheckDlgButton

gdi32

GetStockObject
GetObjectA
ExtTextOutA
CloseEnhMetaFile
CreateEnhMetaFileA
CloseMetaFile
CreateMetaFileA
GetDeviceCaps
CreateDCA
CopyMetaFileA
CreatePen
CreatePenIndirect
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateBrushIndirect
CreatePatternBrush
CreateDIBPatternBrushPt
CreateFontIndirectA
CreateFontA
CreateBitmap
CreateBitmapIndirect
SetBitmapBits
GetBitmapBits
SetBitmapDimensionEx
GetBitmapDimensionEx
CreateCompatibleBitmap
CreateDiscardableBitmap
CreatePalette
CreateHalftonePalette
GetPaletteEntries
SetPaletteEntries
AnimatePalette
GetNearestPaletteIndex
ResizePalette
CreateRectRgn
CreateRectRgnIndirect
CreateEllipticRgn
CreateEllipticRgnIndirect
CreatePolygonRgn
CreatePolyPolygonRgn
CreateRoundRectRgn
PathToRegion
ExtCreateRegion
GetRegionData
SetRectRgn
CombineRgn
EqualRgn
OffsetRgn
GetRgnBox
PtInRegion
RectInRegion
CreateICA
CreateCompatibleDC
GetBrushOrgEx
SetBrushOrgEx
EnumObjects
SelectObject
GetNearestColor
RealizePalette
UpdateColors
GetBkColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextColor
GetMapMode
GetGraphicsMode
GetWorldTransform
GetViewportOrgEx
GetViewportExtEx
GetWindowOrgEx
GetWindowExtEx
DPtoLP
LPtoDP
FillRgn
FrameRgn
InvertRgn
PaintRgn
PtVisible
RectVisible
GetCurrentPositionEx
Arc
Polyline
Chord
Ellipse
Pie
Polygon
PolyPolygon
Rectangle
UnrealizeObject
PatBlt
BitBlt
StretchBlt
GetPixel
SetPixel
FloodFill
ExtFloodFill
TextOutA
GetTextExtentPoint32A
GetTextAlign
GetTextFaceA
GetTextMetricsA
GetTextCharacterExtra
GetCharWidthA
GetFontLanguageInfo
GetCharacterPlacementA
GetAspectRatioFilterEx
Escape
SetBoundsRect
GetBoundsRect
ResetDCA
GetOutlineTextMetricsA
GetCharABCWidthsA
GetFontData
GetKerningPairsA
GetGlyphOutlineA
StartDocA
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
MaskBlt
PlgBlt
SetPixelV
AngleArc
GetArcDirection
PolyPolyline
GetColorAdjustment
GetCurrentObject
PolyBezier
DrawEscape
ExtEscape
GetCharABCWidthsFloatA
GetCharWidthFloatA
AbortPath
BeginPath
CloseFigure
EndPath
FillPath
FlattenPath
GetMiterLimit
GetPath
SetMiterLimit
StrokeAndFillPath
StrokePath
WidenPath
GdiComment
PlayEnhMetaFile
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
DeleteDC
SaveDC
RestoreDC
SelectPalette
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
OffsetClipRgn
MoveToEx
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
RoundRect
GetClipRgn
EnumFontFamiliesExA
StretchDIBits
PlayMetaFile
EnumMetaFile
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
GetObjectType
DeleteObject
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

OpenThreadToken
StartServiceCtrlDispatcherA
DeleteService
StartServiceA
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
SetServiceStatus
RegisterServiceCtrlHandlerA
CreateProcessAsUserA
DuplicateTokenEx
RegCloseKey
RegSetValueA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyA
RegCreateKeyA
RegQueryValueA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
SetFileSecurityA
GetFileSecurityA
SetThreadToken
RevertToSelf

shell32

ExtractIconA
SHGetFileInfoA
DragFinish
DragQueryFileA
DragAcceptFiles

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ole32

CoInitializeEx
CLSIDFromString
CoCreateInstance
StringFromGUID2
CoDisconnectObject
ReleaseStgMedium
CoTaskMemAlloc
CoTreatAsClass
OleRun
ReadClassStg
CoUninitialize
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CreateBindCtx
CoTaskMemFree
OleDuplicateData
CoRegisterClassObject
CoRevokeClassObject
CoReleaseMarshalData
ReadFmtUserTypeStg
CLSIDFromProgID
CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
StringFromCLSID

oleaut32

SafeArrayDestroyDescriptor
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromCy
VarCyFromStr
SysReAllocStringLen
VariantChangeType
VariantCopy
SafeArrayCreate
SafeArrayRedim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SafeArrayGetElemsize
SafeArrayGetDim
VariantClear
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysStringLen
VarBstrFromDec
VarDecFromStr
SysAllocStringLen
VarDateFromStr
VarBstrFromDate
VariantInit
SysAllocString
DosDateTimeToVariantTime
VariantTimeToSystemTime
VarUdateFromDate
VarDateFromUdate
SystemTimeToVariantTime
SafeArrayDestroyData

shlwapi

PathStripToRootA
PathIsUNCA
PathRemoveExtensionA
PathRemoveFileSpecW
PathFindExtensionA
PathFindFileNameA

Sections

.textbss
Size: - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 1024B - Virtual size: 793B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 2KB - Virtual size: 2KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 608KB

UPX1 Size: 356KB - Virtual size: 356KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 608KB - Virtual size: 608KB

.rdata Size: 214KB - Virtual size: 214KB

.data Size: 19KB - Virtual size: 69KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 47KB - Virtual size: 46KB

c23301da5f25bb24f78b014fc5bac1ee

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

wtsapi32

userenv

ole32

oleaut32

shlwapi

Sections

.textbss Size: - Virtual size: 692KB

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 233KB - Virtual size: 232KB

.data Size: 14KB - Virtual size: 34KB

.idata Size: 22KB - Virtual size: 21KB

.didat Size: 1024B - Virtual size: 793B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 73KB - Virtual size: 73KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 608KB

UPX1
Size: 356KB - Virtual size: 356KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 608KB - Virtual size: 608KB

.rdata
Size: 214KB - Virtual size: 214KB

.data
Size: 19KB - Virtual size: 69KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 47KB - Virtual size: 46KB

.textbss
Size: - Virtual size: 692KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 233KB - Virtual size: 232KB

.data
Size: 14KB - Virtual size: 34KB

.idata
Size: 22KB - Virtual size: 21KB

.didat
Size: 1024B - Virtual size: 793B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 73KB - Virtual size: 73KB