Static task: static1
Behavioral task: behavioral1
Sample: (?)#Androm-CGfxListView.exe
Resource: win10v2004-20231215-en
Behavioral task: behavioral2
Sample: koori.exe
Resource: win10v2004-20231222-en
Behavioral task: behavioral3
Sample: meow.exe
Resource: win10v2004-20231215-en
Behavioral task: behavioral4
Sample: srodus.exe
Resource: win10v2004-20231215-en
General
Target: neonsign.zip
Size: 2.3MB
MD5: 7130062e72a787dae97c7a1d8d55dcb3
SHA1: 5bbf8e7000d046eda2ec803611754c8d12b8ba83
SHA256: 75f785ffbadc7cc740bde0ed0c60159b1d380e203963228b5da20a94d4aa4a36
SHA512: 51ebeaf136c35e83b85c70c30d0d6336a68d310519692be83dc124549364d3f57951778ad02ffc97e96b73032a3b1112b7d4df3d84dfd4dc4324f5d21919a25f
SSDEEP: 49152:vqFGBLGhZfhbgsdWwfte+Z2UAgi8JSmbeIvel:STvJgsdWwUWtb7Jg
Malware Config
Signatures
-
Unsigned PE 4 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/(?)#Androm-CGfxListView.exe unpack001/koori.exe unpack001/meow.exe unpack001/srodus.exe
Files
-
neonsign.zip.zip
-
(?)#Androm-CGfxListView.exe.exe windows:4 windows x86 arch:x86
9241d940ab5610477a46e8af242a9f7d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
msvcrt
_setmbcp
__CxxFrameHandler
qsort
atoi
_stricmp
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
kernel32
GetModuleHandleA
VirtualAlloc
CreateThread
WaitForSingleObject
VirtualFree
GetProcAddress
CloseHandle
CreateEventA
LoadLibraryA
Sleep
FindResourceA
LoadResource
LockResource
lstrcpynA
lstrlenA
lstrcpyA
GlobalAlloc
GlobalReAlloc
GlobalFree
GetStartupInfoA
user32
GetWindowRect
SystemParametersInfoA
DrawStateA
GetTabbedTextExtentA
GetMenuState
ModifyMenuA
GetMenuStringA
GetSubMenu
GetMenuItemID
SetCapture
SetRect
GetSystemMetrics
ScreenToClient
LoadCursorA
SetCursor
CopyRect
GetSysColor
DrawTextA
InvalidateRect
SendMessageA
EnableWindow
UpdateWindow
GetWindowLongA
GetDlgItem
ShowScrollBar
EnableScrollBar
OffsetRect
FrameRect
GetFocus
GetClassInfoA
DefWindowProcA
CreatePopupMenu
AppendMenuA
GetMessagePos
GetCursorPos
IsWindow
WindowFromPoint
GetKeyState
TranslateMessage
DispatchMessageA
PtInRect
PostMessageA
IsChild
InflateRect
LoadBitmapA
IsWindowVisible
ReleaseCapture
GetClientRect
GetParent
ClientToScreen
GetMenuItemCount
IsRectEmpty
gdi32
GetTextColor
CreateCompatibleBitmap
DeleteObject
RealizePalette
GetDeviceCaps
DPtoLP
CreateFontIndirectA
CreateCompatibleDC
GetObjectA
BitBlt
Polygon
CreateRectRgnIndirect
GetStockObject
SelectObject
StretchBlt
GetTextExtentPoint32A
PatBlt
advapi32
RegCloseKey
RegOpenKeyA
RegQueryValueExA
comctl32
ImageList_GetImageInfo
ImageList_Draw
ImageList_GetIcon
ImageList_AddMasked
ImageList_GetIconSize
ImageList_DrawEx
ImageList_SetBkColor
ws2_32
closesocket
WSACleanup
WSAStartup
gethostbyname
msvcp60
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
Sections
.text Size: 84KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
koori.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
meow.exe.exe windows:5 windows x64 arch:x64
e04a99f2db2725521786f72a2a32fe2c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
IsValidCodePage
QueryPerformanceCounter
HeapCreate
GetVersion
HeapSetInformation
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
TerminateProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
FindResourceW
UnhandledExceptionFilter
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapSize
HeapQueryInformation
CreateThread
ExitThread
VirtualQuery
GetSystemInfo
CompareStringW
VirtualAlloc
RtlPcToFileHeader
RaiseException
RtlUnwindEx
RtlLookupFunctionEntry
HeapReAlloc
HeapFree
HeapAlloc
GetStartupInfoW
GetCommandLineA
DecodePointer
EncodePointer
FindResourceExW
GetNumberFormatA
GetWindowsDirectoryA
VirtualProtect
SearchPathA
GetProfileIntA
GetTickCount
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
GetFileAttributesExA
SetErrorMode
GetOEMCP
GetCPInfo
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
LCMapStringW
GetStringTypeW
SetThreadStackGuarantee
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
lstrcmpiA
GetTempPathA
GetTempFileNameA
SetFilePointer
GetACP
GetFileSize
GetFileAttributesA
InitializeCriticalSectionAndSpinCount
DeleteFileA
GlobalFlags
GetCurrentDirectoryA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FileTimeToSystemTime
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalAddAtomA
WaitForSingleObject
ResumeThread
SetThreadPriority
GetCurrentProcessId
GetVersionExA
lstrcpyA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
LoadLibraryW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetModuleFileNameA
GetLocaleInfoA
CompareStringA
ActivateActCtx
LoadLibraryA
DeactivateActCtx
lstrcmpA
GetModuleHandleW
GetProcAddress
FreeLibrary
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MulDiv
SetLastError
MultiByteToWideChar
lstrlenA
ExitProcess
WinExec
CreateDirectoryA
FreeResource
CloseHandle
WriteFile
CreateFileA
GetLastError
FindResourceA
Sleep
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
user32
DefFrameProcA
IsClipboardFormatAvailable
SubtractRect
CharUpperBuffA
FrameRect
RegisterClipboardFormatA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
UnregisterClassA
UpdateLayeredWindow
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
GetUpdateRect
DestroyAcceleratorTable
SetClassLongPtrA
GetDoubleClickTime
CopyIcon
EnableScrollBar
GetIconInfo
SetCursorPos
GetMenuDefaultItem
SetMenuDefaultItem
DestroyIcon
LoadImageW
LoadImageA
EmptyClipboard
CloseClipboard
SetClipboardData
CopyImage
OpenClipboard
UnionRect
IsMenu
MonitorFromPoint
SetParent
LockWindowUpdate
BringWindowToTop
CreatePopupMenu
CharUpperA
IsIconic
IsZoomed
GetAsyncKeyState
NotifyWinEvent
LoadMenuW
MessageBeep
GetNextDlgGroupItem
IntersectRect
SetRect
CopyAcceleratorTableA
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
ShowWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
DestroyMenu
GetMenuItemInfoA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassLongPtrA
DefMDIChildProcA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MonitorFromWindow
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
CallWindowProcA
GetMenu
SetWindowLongA
GetClassNameA
InvalidateRect
UpdateWindow
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowsHookExA
UnhookWindowsHookEx
GetCursorPos
CallNextHookEx
PtInRect
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
LoadCursorA
GetClassInfoA
DefWindowProcA
LoadCursorW
DrawMenuBar
GetWindowRgn
DrawIcon
DestroyCursor
CreateMenu
HideCaret
InvertRect
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoA
GetMonitorInfoA
SetRectEmpty
CopyRect
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
MapVirtualKeyExA
IsCharLowerA
PostThreadMessageA
GetKeyNameTextA
SetPropA
TranslateMDISysAccel
IsWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetSystemMetrics
DrawIconEx
GetSysColorBrush
GetFocus
RedrawWindow
IsWindowVisible
MapWindowPoints
GetClientRect
GetWindowRect
SetWindowRgn
DrawFocusRect
DrawFrameControl
DrawEdge
FillRect
GetSysColor
OffsetRect
InflateRect
IsRectEmpty
DrawStateA
RegisterWindowMessageA
GetWindow
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
PostMessageA
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
EnableWindow
SendMessageA
AppendMenuA
GetSystemMenu
LoadIconW
MoveWindow
gdi32
ExtSelectClipRgn
DeleteDC
CreateBitmap
SelectPalette
GetObjectType
GetRgnBox
OffsetRgn
CreateRoundRectRgn
SetRectRgn
DPtoLP
CreateDIBSection
SetPixel
SetDIBColorTable
RealizePalette
StretchBlt
CreatePalette
GetPaletteEntries
ScaleWindowExtEx
OffsetWindowOrgEx
GetSystemPaletteEntries
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
LPtoDP
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
EnumFontFamiliesExA
GetWindowOrgEx
SetPixelV
GetTextFaceA
LineTo
IntersectClipRect
SetWindowExtEx
ExcludeClipRect
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
MoveToEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetLayout
GetLayout
GetNearestPaletteIndex
CreateSolidBrush
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetTextCharsetInfo
EnumFontFamiliesA
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
CreateFontIndirectA
CreatePatternBrush
CreatePen
GetStockObject
CreateDIBitmap
GetTextMetricsA
GetTextExtentPoint32A
ExtTextOutA
PatBlt
Polygon
Ellipse
Polyline
GetTextColor
GetBkColor
CombineRgn
CreatePolygonRgn
CreateEllipticRgn
CreateRectRgnIndirect
CreateRectRgn
CreateHatchBrush
CreateDCA
CopyMetaFileA
GetDeviceCaps
Rectangle
SetTextAlign
msimg32
AlphaBlend
TransparentBlt
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCloseKey
RegEnumValueA
shell32
SHGetFileInfoA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
DragQueryFileA
DragFinish
ShellExecuteA
SHAppBarMessage
comctl32
ImageList_GetIconSize
shlwapi
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW
ole32
OleCreateMenuDescriptor
OleLockRunning
OleGetClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
DoDragDrop
CreateStreamOnHGlobal
OleDestroyMenuDescriptor
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoInitializeEx
IsAccelerator
OleTranslateAccelerator
oleaut32
SysFreeString
SysAllocString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantChangeType
VariantClear
SysStringLen
SysAllocStringLen
gdiplus
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageRectI
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmGetOpenStatus
ImmReleaseContext
ImmGetContext
winmm
PlaySoundA
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 511KB - Virtual size: 511KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 73KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
data Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
srodus.exe.exe windows:4 windows x86 arch:x86
9241d940ab5610477a46e8af242a9f7d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
msvcrt
_setmbcp
__CxxFrameHandler
qsort
atoi
_stricmp
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
kernel32
GetModuleHandleA
VirtualAlloc
CreateThread
WaitForSingleObject
VirtualFree
GetProcAddress
CloseHandle
CreateEventA
LoadLibraryA
Sleep
FindResourceA
LoadResource
LockResource
lstrcpynA
lstrlenA
lstrcpyA
GlobalAlloc
GlobalReAlloc
GlobalFree
GetStartupInfoA
user32
GetWindowRect
SystemParametersInfoA
DrawStateA
GetTabbedTextExtentA
GetMenuState
ModifyMenuA
GetMenuStringA
GetSubMenu
GetMenuItemID
SetCapture
SetRect
GetSystemMetrics
ScreenToClient
LoadCursorA
SetCursor
CopyRect
GetSysColor
DrawTextA
InvalidateRect
SendMessageA
EnableWindow
UpdateWindow
GetWindowLongA
GetDlgItem
ShowScrollBar
EnableScrollBar
OffsetRect
FrameRect
GetFocus
GetClassInfoA
DefWindowProcA
CreatePopupMenu
AppendMenuA
GetMessagePos
GetCursorPos
IsWindow
WindowFromPoint
GetKeyState
TranslateMessage
DispatchMessageA
PtInRect
PostMessageA
IsChild
InflateRect
LoadBitmapA
IsWindowVisible
ReleaseCapture
GetClientRect
GetParent
ClientToScreen
GetMenuItemCount
IsRectEmpty
gdi32
GetTextColor
CreateCompatibleBitmap
DeleteObject
RealizePalette
GetDeviceCaps
DPtoLP
CreateFontIndirectA
CreateCompatibleDC
GetObjectA
BitBlt
Polygon
CreateRectRgnIndirect
GetStockObject
SelectObject
StretchBlt
GetTextExtentPoint32A
PatBlt
advapi32
RegCloseKey
RegOpenKeyA
RegQueryValueExA
comctl32
ImageList_GetImageInfo
ImageList_Draw
ImageList_GetIcon
ImageList_AddMasked
ImageList_GetIconSize
ImageList_DrawEx
ImageList_SetBkColor
ws2_32
closesocket
WSACleanup
WSAStartup
gethostbyname
msvcp60
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
Sections
.text Size: 84KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ