5710c495b83a780b94aef7e4d4365423

Sharing

Copy URL

Twitter E-mail

General

Target

5710c495b83a780b94aef7e4d4365423
Size

2.0MB
MD5

5710c495b83a780b94aef7e4d4365423
SHA1

6cf2ce5fff165da27291298d7eac7bf7c9d31f17
SHA256

7de34b228cc9adbba044a0a12c86e025e590f667e886f2f94c7d21c159b3b314
SHA512

1b7803d6e3aa2dea4b0c457ef10631c02456ca23486931157487d0e9230872ef2ce7142429afa4945217c16e8d076dd080f4c79ce73db042347d1da412cb52e2
SSDEEP

49152:+wVHKAxZb9JcDoJxDSh7DPtPtvdiouT/dD9QHmg:+Ab9ooJhStPthdiouRBg

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AMCAP.EXE
unpack001/SETUP.EXE
unpack001/STILLCAP.EXE
unpack001/USBVM31B.SYS
unpack001/VM31BPRP.AX
unpack001/VM31BSTI.DLL
unpack001/VM31BTWN.DS
unpack001/VM31BTXP.DS
unpack001/VMCAP.EXE
unpack001/VM_STI.EXE

Files

5710c495b83a780b94aef7e4d4365423
.rar
AMCAP.EXE
.exe windows:4 windows x86 arch:x86

7bbfa0a1f1b31b83795b700ad59128ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
__set_app_type
__p__fmode
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
__p__commode
atof
_ftol
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
atol
sprintf
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit

kernel32

LoadLibraryA
GetStartupInfoA
GetModuleHandleA
CreateFileA
GetFileSize
CloseHandle
GetFullPathNameA
OpenFile
GetProcAddress
FreeLibrary
GetDiskFreeSpaceA
MulDiv
lstrcatA
lstrcpyA
GetProfileIntA
GetProfileStringA
WriteProfileStringA
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
lstrcpynA
lstrlenA

user32

GetSystemMetrics
GetClientRect
EndPaint
BeginPaint
MoveWindow
wsprintfA
PostQuitMessage
SetWindowPos
GetWindowRect
InvalidateRect
SetTimer
KillTimer
SetFocus
AppendMenuA
RemoveMenu
GetSubMenu
GetMenu
PostMessageA
EnableMenuItem
CreateWindowExA
wvsprintfA
EndDialog
UpdateWindow
EnableWindow
MessageBeep
GetAsyncKeyState
GetDlgItem
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
IsCharAlphaNumericA
IsCharAlphaA
GetDlgItemTextA
CheckDlgButton
IsDlgButtonChecked
GetSysColor
LoadStringA
GetWindowLongA
GetWindowTextA
CheckMenuItem
DispatchMessageA
SetWindowTextA
ShowWindow
TranslateMessage
WaitMessage
LoadAcceleratorsA
LoadCursorA
LoadIconA
RegisterClassA
GetDC
ReleaseDC
DialogBoxParamA
MessageBoxA
CreatePopupMenu
PeekMessageA
TranslateAcceleratorA
DefWindowProcA

gdi32

PatBlt
SetBkColor
SetTextColor
ExtTextOutA
GetTextMetricsA
DeleteObject
CreateSolidBrush
CreateFontA
GetStockObject
SelectObject

comdlg32

GetOpenFileNameA

ole32

CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

winmm

timeGetTime

msacm32

acmMetrics
acmFormatChooseA

olepro32

ord250

oleaut32

SysFreeString

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CONFIG.SET
SETUP.EXE
.exe windows:4 windows x86 arch:x86

d84d991d25f1d024e6888428c049c5f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FormatMessageA
DeleteFileA
MulDiv
IsDBCSLeadByte
GetExitCodeProcess
CreateProcessA
GetTempFileNameA
GetSystemDefaultLCID
WaitForSingleObject
CompareStringA
Sleep
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
RemoveDirectoryA
FindNextFileA
WritePrivateProfileSectionA
GetStartupInfoA
WriteFile
ReadFile
SetFileAttributesA
LocalFree
LocalAlloc
LockResource
LoadResource
FindResourceA
SizeofResource
GetModuleHandleA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
lstrcmpiA
GetDiskFreeSpaceA
HeapAlloc
GetProcessHeap
HeapFree
lstrcpynA
ExitProcess
CreateFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateDirectoryA
SetFilePointer
GetFileSize
FindClose
GetLastError
FindFirstFileA
lstrlenA
GetFileAttributesA
GetPrivateProfileStringA
GetSystemDirectoryA
GetWindowsDirectoryA
lstrcatA
GetModuleFileNameA
GetTempPathA
lstrcpyA
GetPrivateProfileSectionA
LoadLibraryA
MoveFileExA
WritePrivateProfileStringA
GetShortPathNameA
FlushFileBuffers
IsBadCodePtr
CloseHandle
SetStdHandle
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetVersion
GetCommandLineA
RtlUnwind
IsBadReadPtr

user32

SetFocus
PostMessageA
GetDlgItem
SendDlgItemMessageA
GetParent
GetDC
LoadImageA
MessageBoxA
wsprintfA
CheckRadioButton
EnableWindow
IsDlgButtonChecked
GetDlgItemTextA
CheckDlgButton
SetDlgItemTextA
ReleaseDC
GetWindowLongA
SetWindowTextA
CharNextA
GetDesktopWindow
GetWindowTextA
GetWindow
DestroyWindow
CreateDialogParamA
GetSysColor
GetSysColorBrush
FillRect
BeginPaint
DrawTextA
EndPaint
GetClientRect
ScreenToClient
MoveWindow
SetParent
MapDialogRect
GetNextDlgTabItem
GetWindowRect
CreateDialogIndirectParamA
IsWindow
InvalidateRect
IsWindowEnabled
ShowWindow
UpdateWindow
IsDialogMessageA
SetWindowPos
GetActiveWindow
SetActiveWindow
SetWindowLongA
LoadStringA
LoadIconA
DispatchMessageA
SendMessageA
TranslateMessage
PeekMessageA

gdi32

CreateFontIndirectA
RealizePalette
SelectPalette
CreatePalette
GetObjectA
GetStockObject
CreateDIBitmap
GetTextExtentPointA
SelectObject
EnumFontFamiliesExA
DeleteDC
BitBlt
TextOutA
SetBkMode
SetBkColor
CreateCompatibleDC
CreateSolidBrush
SetTextColor
DeleteObject
GetDeviceCaps

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

lz32

LZOpenFileA
LZCopy
LZClose

comctl32

ord17

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
STILLCAP.EXE
.exe windows:4 windows x86 arch:x86

79a1ab37da36cff15bf347149fc3fab3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateThread
SetEvent
Sleep
LocalFree
WaitForSingleObject
GetModuleHandleA
CopyFileA
FreeEnvironmentStringsW
ReadFile
SetEndOfFile
LoadLibraryA
GetProcAddress
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
CreateFileA
SetFilePointer
FlushFileBuffers
SetStdHandle
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineA
MultiByteToWideChar
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
VirtualAlloc
VirtualFree
CreateEventA
HeapCreate
HeapDestroy
GetWindowsDirectoryA
WriteFile
GetLastError
HeapFree
lstrcpyA
lstrcatA
GetCurrentDirectoryA
ExitProcess
GetVersion
HeapAlloc
GetStartupInfoA

user32

DialogBoxParamA
EnableMenuItem
EndDialog
GetMenu
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
UpdateWindow
InvalidateRect
PostMessageA
CheckRadioButton
PostQuitMessage
DefWindowProcA
CreateDialogParamA
RedrawWindow
MessageBoxA
DestroyWindow
GetSystemMenu
LoadAcceleratorsA
BeginPaint
GetClientRect
EndPaint
GetWindowRect
SetWindowPos
LoadMenuA
GetSubMenu
ClientToScreen
TrackPopupMenu
CreateWindowExA
ShowWindow
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA

gdi32

SetPixel
CreateCompatibleDC
DeleteDC
DeleteObject
CreateCompatibleBitmap
StretchBlt
SelectObject

comdlg32

GetSaveFileNameA

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

sti

StiCreateInstanceW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
USBVM31B.INF
USBVM31B.SYS
.sys windows:5 windows x86 arch:x86

4ff996ccd9d743b2dec3f084123bc524

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ZwCreateKey
RtlInitUnicodeString
ExFreePool
ZwClose
ZwQueryValueKey
IofCallDriver
KeInitializeEvent
wcscat
IoBuildSynchronousFsdRequest
KeRestoreFloatingPointState
KeSaveFloatingPointState
ZwWriteFile
ZwCreateFile
ExQueueWorkItem
ZwSetValueKey
IoOpenDeviceRegistryKey
wcscpy
KeSetEvent
IoFreeIrp
KeDelayExecutionThread
ExfInterlockedRemoveHeadList
IoAllocateIrp
KeSetTimer
KeInitializeDpc
KeInitializeTimerEx
KeWaitForSingleObject
ExfInterlockedInsertHeadList
KefAcquireSpinLockAtDpcLevel
KeReleaseSemaphore
ExfInterlockedInsertTailList
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
IoBuildDeviceIoControlRequest
InterlockedDecrement
InterlockedIncrement
KeInitializeSpinLock
IoSetDeviceInterfaceState
IoRegisterDeviceInterface
KeInitializeSemaphore
RtlFreeUnicodeString
RtlCompareMemory
IoCancelIrp
ObReferenceObjectByHandle
PsCreateSystemThread
KeCancelTimer
KefReleaseSpinLockFromDpcLevel

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

stream.sys

StreamClassDeviceNotification
StreamClassRegisterAdapter
StreamClassQueryMasterClockSync
StreamClassStreamNotification

usbd.sys

_USBD_ParseConfigurationDescriptorEx@28
_USBD_CreateConfigurationRequestEx@8

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGECONS
Size: 128B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 672B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VM31BPRP.AX
.dll regsvr32 windows:4 windows x86 arch:x86

4ca17ac2782238d993efead0639412ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ord17
CreatePropertySheetPageA

ksproxy.ax

KsSynchronousDeviceControl

kernel32

InterlockedDecrement
FreeLibrary
LoadLibraryA
InterlockedIncrement
GetProcAddress
DisableThreadLibraryCalls
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
InitializeCriticalSection
lstrcpyA
SetErrorMode
CreateThread
EnterCriticalSection
ResetEvent
GetVersionExA
CreateSemaphoreA
WideCharToMultiByte
GetACP
InterlockedExchange
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetTickCount
lstrcmpiA
Sleep
CreateEventA
WaitForSingleObject
CloseHandle
GetLastError
LeaveCriticalSection
DeleteCriticalSection
SetEvent

winmm

timeGetTime

user32

GetWindowRect
GetDesktopWindow
wsprintfA
LoadStringW
DefWindowProcA
PeekMessageA
wvsprintfA
PostThreadMessageA
GetQueueStatus
InvalidateRect
DestroyWindow
MsgWaitForMultipleObjects
ShowWindow
PostMessageA
GetWindowTextA
SetWindowLongA
GetDlgCtrlID
SendMessageA
GetWindowLongA
SendDlgItemMessageA
CheckRadioButton
EnableWindow
LoadStringA
GetParent
MoveWindow
CreateDialogParamA
DispatchMessageA
SetTimer
SetWindowTextA
GetDlgItem
KillTimer

comdlg32

GetOpenFileNameA

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA

ole32

CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize
StringFromGUID2
CoTaskMemAlloc

msvcrt

_except_handler3
fopen
__dllonexit
_onexit
_ftol
_CIpow
sprintf
free
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
malloc
fscanf
fclose

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VFWWDMExtension

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 4KB - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VM31BSTI.DLL
.dll windows:4 windows x86 arch:x86

fb3b85861a25386995475799b63c8a90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
IsBadWritePtr
DeleteFileA
GetLastError
ReadFile
CreateFileA
GetWindowsDirectoryA
Sleep
GetVersion
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetEnvironmentStringsW
GetStartupInfoA
GetEnvironmentStrings
WideCharToMultiByte
GetStringTypeW
RtlUnwind
GetCommandLineA
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapFree
ExitProcess
TerminateProcess
CreateEventA
SetHandleCount
GetStdHandle
GetFileType
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetStringTypeA
FlushFileBuffers
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

GetClientRect

ole32

CoTaskMemFree
CoCreateInstance
CreateBindCtx
MkParseDisplayName
CoInitialize
CoUninitialize

oleaut32

OleCreatePropertyFrame

ksproxy.ax

KsSynchronousDeviceControl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
_DllEntryPoint@12
_DllMain@12

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VM31BTWN.DS
.dll windows:4 windows x86 arch:x86

f4fe8131880f3302d62c4e532351dfe2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comdlg32

GetSaveFileNameA
GetFileTitleA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA

kernel32

GetProcAddress
LoadLibraryA
lstrcatA
lstrcpyA
GetWindowsDirectoryA
FindNextFileA
FindFirstFileA
CloseHandle
FreeLibrary
ReadFile
CreateFileA
GlobalHandle
CopyFileA
CreateMutexA
ReleaseMutex
WaitForSingleObject
DeleteFileA
LocalFree
GetModuleHandleA
Sleep
SetEvent
CreateThread
CreateEventA
_lwrite
lstrcpynA
OpenFile
GlobalReAlloc
GlobalFree
_lclose
_llseek
GlobalAlloc
_lread
GlobalLock
GlobalUnlock
GetFileSize

user32

DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuA
GetCursorPos
MoveWindow
SetDlgItemTextA
InvalidateRect
GetDC
SetFocus
LoadImageA
DefWindowProcA
GetWindowRect
SetWindowPos
GetSysColor
GetDlgItem
SendMessageA
DestroyWindow
EnableWindow
CreateDialogParamA
GetClientRect
CheckDlgButton
PostMessageA
wsprintfA
GetPropA
FindWindowA
EndDialog
SetPropA
ShowWindow
SetTimer
KillTimer
DialogBoxParamA
IsDialogMessageA
LoadStringA
MessageBoxA
SetWindowTextA

gdi32

StretchDIBits
Rectangle
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
SetStretchBltMode
CreateSolidBrush
CreatePen
DeleteObject

comctl32

ImageList_Remove
ImageList_Create
ImageList_Add

sti

StiCreateInstanceW

msvcrt

_onexit
sprintf
malloc
free
fclose
fwrite
fopen
_ftol
wcslen
??3@YAXPAX@Z
_wcsicmp
??2@YAPAXI@Z
wcscpy
__dllonexit
_initterm
_adjust_fdiv

Exports

Exports

DS_Entry

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VM31BTXP.DS
.dll windows:4 windows x86 arch:x86

7f6c99701265ca61f16afe57fed716dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comdlg32

GetSaveFileNameA
GetFileTitleA

advapi32

RegOpenKeyA
RegCloseKey
RegQueryValueExA

kernel32

GetWindowsDirectoryA
GlobalUnlock
GlobalLock
_lread
GlobalAlloc
_llseek
_lclose
GlobalFree
GlobalReAlloc
OpenFile
lstrcpynA
_lwrite
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
lstrcpyA
FindNextFileA
CreateFileA
GetFileSize
GlobalHandle
CopyFileA
ReleaseMutex
CreateMutexA
LocalFree
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateThread
SetEvent
ReadFile
GetLastError
CloseHandle
DeleteFileA
CreateEventA
WaitForSingleObject
Sleep
FindFirstFileA

user32

LoadMenuA
GetSubMenu
TrackPopupMenu
DestroyMenu
CheckDlgButton
SetFocus
MoveWindow
SetDlgItemTextA
InvalidateRect
GetDC
LoadImageA
DefWindowProcA
SetWindowPos
GetSysColor
GetDlgItem
SendMessageA
DestroyWindow
EnableWindow
CreateDialogParamA
SetWindowTextA
GetPropA
FindWindowExA
FindWindowA
EndDialog
SetPropA
SetTimer
KillTimer
DialogBoxParamA
GetWindowRect
GetCursorPos
IsDialogMessageA
LoadStringA
MessageBoxA
PostMessageA
wsprintfA
GetClientRect
ShowWindow

gdi32

SetStretchBltMode
Rectangle
StretchDIBits
CreateSolidBrush
CreatePen
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject

ole32

CoCreateInstance
CoGetMalloc
CoInitialize
CreateBindCtx
MkParseDisplayName
CoTaskMemFree
CoUninitialize

oleaut32

SysStringLen
OleCreatePropertyFrame
SysAllocString
SysFreeString

comctl32

ImageList_Remove
ImageList_Create
ImageList_Add

ksproxy.ax

KsSynchronousDeviceControl

msvcrt

fopen
__CxxFrameHandler
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
_ftol
malloc
free
fwrite
wcslen
wcscpy
fclose
wcscmp
__dllonexit
_onexit
_initterm
_adjust_fdiv

Exports

Exports

DS_Entry

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VMCAP.EXE
.exe windows:4 windows x86 arch:x86

13b1fe45f0d22bcf44a27a8f2e583b53

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
lstrcatA
lstrcpyA
LocalFree
GetModuleHandleA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateThread
SetEvent
CopyFileA
WriteFile
GetWindowsDirectoryA
CreateFileA
ReadFile
FreeLibrary
lstrcmpiA
AllocConsole
SetConsoleTitleA
GetLastError
GetProfileIntA
GetTickCount
WaitForMultipleObjects
GetThreadPriority
SetThreadPriority
InterlockedExchange
CreateSemaphoreA
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
CloseHandle
DeleteFileA
CreateEventA
WaitForSingleObject
ResetEvent
Sleep
lstrlenA
SetFilePointer
MultiByteToWideChar
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
VirtualAlloc
GetCurrentProcess
TerminateProcess
VirtualFree
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
WideCharToMultiByte
IsBadWritePtr
IsBadReadPtr
HeapValidate
InterlockedDecrement
InterlockedIncrement
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetCurrentThread
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DebugBreak
GetStdHandle
OutputDebugStringA
LoadLibraryA
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
FatalAppExitA

user32

GetMessageA
TranslateAcceleratorA
TrackPopupMenu
GetSubMenu
GetClientRect
wsprintfA
PostMessageA
DispatchMessageA
TranslateMessage
GetQueueStatus
RegisterWindowMessageA
PostThreadMessageA
wvsprintfA
MsgWaitForMultipleObjects
LoadMenuA
UpdateWindow
EndDialog
BeginPaint
GetWindowRect
SetWindowPos
EndPaint
PostQuitMessage
DefWindowProcA
ClientToScreen
InvalidateRect
DestroyWindow
DialogBoxParamA
CreateWindowExA
ShowWindow
LoadIconA
LoadCursorA
RegisterClassExA
MessageBoxA
LoadStringA
GetSystemMenu
LoadAcceleratorsA
GetMenu
EnableMenuItem
PeekMessageA

gdi32

StretchBlt
CreateCompatibleDC
SetPixel
SelectObject
CreateCompatibleBitmap
DeleteDC
DeleteObject

comdlg32

GetSaveFileNameA

ole32

MkParseDisplayName
CreateBindCtx
CoInitialize
CoUninitialize
CoCreateInstance
CoGetMalloc
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2

oleaut32

SysAllocString
SysStringLen
SysFreeString

winmm

timeGetTime

ksproxy.ax

KsSynchronousDeviceControl

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VM_STI.EXE
.exe windows:4 windows x86 arch:x86

a168909e79ce959b0bd387b131b86643

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
CreateFileMappingA
CreateProcessA
CreateMutexA
UnmapViewOfFile
GetLastError
RtlUnwind
HeapFree
HeapAlloc
GetStartupInfoA
LoadLibraryA
GetCommandLineA
GetOEMCP
GetACP
GetProcAddress
MultiByteToWideChar
GetCPInfo
FlushFileBuffers
SetStdHandle
IsBadReadPtr
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsBadWritePtr
HeapReAlloc
GetVersion
ExitProcess
SetFilePointer
VirtualAlloc
WriteFile
VirtualFree
WideCharToMultiByte
CloseHandle
GetModuleHandleA
HeapCreate
IsBadCodePtr
HeapDestroy
FreeEnvironmentStringsA
GetModuleFileNameA
GetFileType
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount

user32

DispatchMessageA
LoadAcceleratorsA
UnregisterDeviceNotification
GetMessageA
TranslateMessage
TranslateAcceleratorA
SetTimer
KillTimer
PostQuitMessage
RegisterClassExA
DefWindowProcA
CreateWindowExA
RegisterDeviceNotificationA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA

ole32

CoGetMalloc
CoCreateInstance
CoUninitialize
CoInitialize
CreateBindCtx
MkParseDisplayName

oleaut32

SysAllocString
SysFreeString

ksproxy.ax

KsSynchronousDeviceControl

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bbfa0a1f1b31b83795b700ad59128ab

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

comdlg32

ole32

winmm

msacm32

olepro32

oleaut32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

d84d991d25f1d024e6888428c049c5f2

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

lz32

comctl32

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 16KB - Virtual size: 27KB

.rsrc Size: 180KB - Virtual size: 178KB

79a1ab37da36cff15bf347149fc3fab3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

sti

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 4KB

4ff996ccd9d743b2dec3f084123bc524

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

stream.sys

usbd.sys

Sections

.text Size: 61KB - Virtual size: 61KB

.data Size: 20KB - Virtual size: 20KB

PAGECONS Size: 128B - Virtual size: 128B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 672B - Virtual size: 664B

.reloc Size: 3KB - Virtual size: 3KB

4ca17ac2782238d993efead0639412ed

Headers

File Characteristics

Imports

comctl32

ksproxy.ax

kernel32

winmm

user32

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 180KB - Virtual size: 178KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 61KB - Virtual size: 61KB

.data
Size: 20KB - Virtual size: 20KB

PAGECONS
Size: 128B - Virtual size: 128B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 672B - Virtual size: 664B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 6KB

.idata
Size: 8KB - Virtual size: 4KB

.CRT
Size: 4KB - Virtual size: 260B

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 9KB

.shared
Size: 4KB - Virtual size: 288B

.rsrc
Size: 4KB - Virtual size: 632B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 41KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 35KB