656ff5e7daef7408da82db2487807960

Sharing

Copy URL Twitter E-mail

General

Target

656ff5e7daef7408da82db2487807960
Size

3.2MB
MD5

656ff5e7daef7408da82db2487807960
SHA1

85ce94a350dbc867ec06adf9ca5d96c7e1151867
SHA256

e0345ae99d236444d80cf70bb95906ffda3c129e3d66ec6740c8d0e1bca18f69
SHA512

03d00b149493f184058ebe8b2f09d48ab31a031a455a7a2082e5b663fbd8d9240e60ef8ce80fe95ee5842d61c2b405356a33d11c2ec45587c776d3a64168ff8d
SSDEEP

98304:QsMGKe1a1hQmThzwdF9TXH8nylghE30wDoKiW:QcKe1agml0ZTXHOSCwEKiW

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Stubs/rk_english.sfx	upx
static1/unpack001/Stubs/zip_english.sfx	upx

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
656ff5e7daef7408da82db2487807960
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$R0
unpack001/Plugins/$R0
unpack001/Stubs/rk_english.sfx
unpack001/Stubs/rk_english_win64.sfx
unpack001/Stubs/zip_english.sfx
unpack001/Stubs/zip_english_win64.sfx
unpack001/WinRK.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

656ff5e7daef7408da82db2487807960
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ShellOptions.ini
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$R0
.dll regsvr32 windows:5 windows x86 arch:x86

561edc45a41d799984d1aa27926d2c59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA
timeGetTime
timeBeginPeriod
timeEndPeriod

shell32

SHChangeNotify
SHGetSpecialFolderPathA
DragQueryFileW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteA
SHFileOperationW
SHFileOperationA
SHGetDesktopFolder
SHGetMalloc
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetFileInfoW
Shell_NotifyIconW
Shell_NotifyIconA
DragQueryFileA

comctl32

CreatePropertySheetPageW
CreatePropertySheetPageA
DestroyPropertySheetPage

kernel32

GetWindowsDirectoryA
GetCommandLineA
GlobalAlloc
GetTempPathW
GetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentThreadId
GetWindowsDirectoryW
GetTempPathA
WideCharToMultiByte
GetACP
MultiByteToWideChar
WaitForSingleObject
SetEvent
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
GetLastError
ResetEvent
CreateThread
MulDiv
FormatMessageA
GetProcAddress
GetModuleHandleA
LocalFree
VirtualFree
VirtualAlloc
CreateFileA
GetFileSize
SetFilePointer
SetEndOfFile
SystemTimeToFileTime
SetFileTime
WriteFile
FormatMessageW
GetFileAttributesA
GetFileAttributesW
FileTimeToSystemTime
ReadFile
CreateFileW
SetFileAttributesA
GetFileTime
SetFileAttributesW
LoadLibraryExW
LoadLibraryA
GetSystemInfo
GetLongPathNameA
GetCommandLineW
HeapFree
GetProcessHeap
FindFirstFileW
FindFirstFileA
FindClose
GetTimeZoneInformation
GetSystemTime
FindNextFileA
FindNextFileW
FreeLibrary
GetStartupInfoA
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
MoveFileW
CreateDirectoryA
DeleteFileA
DeleteFileW
CreateDirectoryW
MoveFileA
HeapReAlloc
HeapSize
HeapAlloc
ExitProcess
GetModuleHandleW
GetStringTypeW
RaiseException
WriteConsoleA
SuspendThread
GetTickCount
SetThreadPriority
Sleep
GetCurrentThread
ResumeThread
CloseHandle
GlobalUnlock
GetSystemDirectoryA
CreateProcessA
GetSystemDirectoryW
GlobalLock
InterlockedDecrement
InterlockedIncrement
CreateProcessW
GetVersionExA
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetStringTypeA
GetConsoleOutputCP
WriteConsoleW

user32

GetKeyState
GetParent
LoadIconA
GetWindowInfo
SendMessageA
GetUpdateRect
GetKeyboardState
RegisterClassExW
InvalidateRect
CreateWindowExA
SetWindowLongW
DefWindowProcA
CreateWindowExW
SystemParametersInfoA
ReleaseCapture
SetWindowTextA
LoadCursorA
SetWindowTextW
ToUnicode
ValidateRect
DefWindowProcW
GetMessagePos
MoveWindow
GetClientRect
CloseClipboard
GetClipboardData
EmptyClipboard
OpenClipboard
KillTimer
IsIconic
IsZoomed
GetWindowPlacement
GetMessageA
TranslateMessage
ShowWindow
PostMessageA
DispatchMessageA
GetWindow
EndPaint
GetWindowRect
InsertMenuItemA
FillRect
DrawTextW
DrawTextA
DrawIconEx
BeginPaint
GetDC
SetWindowLongA
GetWindowLongA
ReleaseDC
GetDesktopWindow
GetSysColor
SetWindowPos
CreatePopupMenu
GetSysColorBrush
GetSystemMetrics
LoadImageA
DestroyIcon
MessageBoxA
MessageBoxW
ToAscii
SetCapture
GetWindowDC
PostQuitMessage
RegisterClassExA
SetActiveWindow
SetTimer
SetWindowRgn
GetUpdateRgn
SetCursor
DestroyWindow
GetIconInfo
IsWindowVisible
IsWindowUnicode
CreateIcon
SetClipboardData
IsClipboardFormatAvailable

gdi32

BitBlt
CreatePolygonRgn
GetPixel
GetDIBits
GetRegionData
CreateCompatibleDC
CreateRectRgn
CreateDIBSection
GetGlyphOutlineA
GetDeviceCaps
CreateFontIndirectA
GetKerningPairsA
GetGlyphOutlineW
GetFontData
DeleteObject
GetObjectA
GetTextExtentPoint32W
GetTextExtentPoint32A
GetStockObject
SelectObject
SetTextColor
SetBkMode

advapi32

RegEnumKeyExA
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExW
RegQueryValueExA
RegCreateKeyExW
RegSetValueExA

ole32

ReleaseStgMedium
CoCreateInstance
OleUninitialize
OleInitialize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 490KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins/$R0
.dll windows:5 windows x86 arch:x86

e337440dd4bbe97412d249ee36fadccc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTimeZoneInformation
GetSystemTime
GetProcAddress
GetModuleHandleA
GetVersionExA
CreateFileA
GetFileSize
SetFilePointer
SetEndOfFile
SystemTimeToFileTime
FormatMessageA
SetFileTime
WriteFile
FormatMessageW
GetFileAttributesW
ReadFile
CreateFileW
GetLastError
SetFileAttributesA
CloseHandle
LocalFree
SetFileAttributesW
WideCharToMultiByte
GetACP
MultiByteToWideChar
HeapFree
HeapAlloc
MoveFileA
GetFileAttributesA
CreateDirectoryW
DeleteFileW
DeleteFileA
MoveFileW
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleW
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
RaiseException
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
LoadLibraryA
GetLocaleInfoA
HeapSize
LCMapStringA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Exports

Exports

rkCreatePluginObject

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ReadMe.txt
Stubs/rk_english.sfx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 248KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 94KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Stubs/rk_english_ppc.sfx
Stubs/rk_english_win64.sfx
.exe windows:5 windows x64 arch:x64

487df55d5f282fbb543fe079774715bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

comctl32

ord17

winmm

timeGetTime

msvcrt

pow

user32

EndDialog

advapi32

RegCloseKey

shell32

SHGetMalloc

ole32

OleInitialize

Sections

.MPRESS1
Size: 149KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Stubs/zip_english.sfx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Stubs/zip_english_ppc.sfx
Stubs/zip_english_win64.sfx
.exe windows:5 windows x64 arch:x64

25d2c5bd58eaf5710d75946a53389ec6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

comctl32

ord17

winmm

timeGetTime

msvcrt

free

user32

EndDialog

advapi32

RegCloseKey

shell32

SHGetMalloc

ole32

OleInitialize

Sections

.MPRESS1
Size: 76KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WinRK.chm
.chm
WinRK.exe
.exe windows:5 windows x86 arch:x86

7908eb5809e30918ccda5f7e9d8fb447

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

Shell_NotifyIconA
Shell_NotifyIconW
DragQueryFileW
DragQueryFileA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoW
SHGetFileInfoA
SHFileOperationA
SHGetSpecialFolderPathA
SHFileOperationW
ShellExecuteA
SHChangeNotify
ShellExecuteW

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod
PlaySoundA

kernel32

RemoveDirectoryA
RemoveDirectoryW
GetModuleHandleA
WaitForSingleObject
SetEvent
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
GetLastError
ResetEvent
GetCurrentThreadId
CloseHandle
CreateThread
GetCommandLineW
GetWindowsDirectoryA
GetCommandLineA
GetTempPathW
GetCurrentDirectoryW
GetCurrentDirectoryA
GetWindowsDirectoryW
GetTempPathA
WideCharToMultiByte
GetACP
MultiByteToWideChar
VirtualFree
VirtualAlloc
CreateFileA
GetFileSize
SetFilePointer
SetEndOfFile
SystemTimeToFileTime
FormatMessageA
SetFileTime
WriteFile
FormatMessageW
GetFileAttributesA
GetFileAttributesW
FileTimeToSystemTime
ReadFile
CreateFileW
SetFileAttributesA
GetFileTime
LocalFree
SetFileAttributesW
GetTimeZoneInformation
GetSystemTime
FindFirstFileW
FindFirstFileA
FindClose
FindNextFileA
FindNextFileW
GetLongPathNameA
LoadLibraryA
MulDiv
GetSystemInfo
HeapFree
GetProcessHeap
FreeLibrary
ExpandEnvironmentStringsA
RaiseException
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
MoveFileW
CreateDirectoryA
DeleteFileA
DeleteFileW
CreateDirectoryW
MoveFileA
HeapReAlloc
HeapSize
HeapAlloc
GetStartupInfoA
ExitProcess
GetModuleHandleW
GetSystemDirectoryA
GetSystemDirectoryW
SuspendThread
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
GetVersionExA
GetTickCount
ResumeThread
SetThreadPriority
Sleep
GetCurrentThread
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LoadLibraryExW

user32

CreateIcon
IsWindowUnicode
EndPaint
DestroyWindow
SetCursor
GetUpdateRgn
MessageBoxW
DispatchMessageA
ShowWindow
MessageBoxA
TranslateMessage
GetMessageA
GetWindow
PostMessageA
SetWindowRgn
SetTimer
SetActiveWindow
RegisterClassExA
PostQuitMessage
GetWindowDC
SetCapture
ToAscii
KillTimer
GetKeyState
GetParent
LoadIconA
GetWindowInfo
SendMessageA
BeginPaint
GetUpdateRect
GetKeyboardState
RegisterClassExW
SetWindowLongA
InvalidateRect
CreateWindowExA
SetWindowLongW
DefWindowProcA
CreateWindowExW
SystemParametersInfoA
ReleaseCapture
GetSystemMetrics
SetWindowTextA
LoadCursorA
SetWindowTextW
ToUnicode
ValidateRect
DefWindowProcW
GetMessagePos
MoveWindow
ReleaseDC
GetIconInfo
DestroyIcon
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
EmptyClipboard
EnumChildWindows
OpenClipboard
LoadImageA
SetClipboardData
EnumThreadWindows
GetDC
GetDesktopWindow
IsIconic
IsZoomed
GetWindowPlacement
IsWindowVisible
GetWindowRect
GetWindowLongA

gdi32

CreateRectRgn
GetGlyphOutlineA
GetKerningPairsA
GetRegionData
GetFontData
BitBlt
GetDIBits
SelectObject
CreateCompatibleDC
GetPixel
DeleteObject
GetObjectA
EnumFontFamiliesA
CreatePolygonRgn
CreateDIBSection
GetGlyphOutlineW
GetDeviceCaps
CreateFontIndirectA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExA

ole32

OleInitialize
CoCreateInstance
ReleaseStgMedium
DoDragDrop
RegisterDragDrop
OleUninitialize

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 482KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WinRK.ini
english.rkdict
german.rkdict
russian.rkdict

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 16KB - Virtual size: 16KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 472B

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 92B

.reloc Size: 512B - Virtual size: 496B

561edc45a41d799984d1aa27926d2c59

Headers

File Characteristics

Imports

winmm

shell32

comctl32

kernel32

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 472B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 490KB - Virtual size: 490KB

.data
Size: 62KB - Virtual size: 151KB

.rsrc
Size: 47KB - Virtual size: 47KB

.reloc
Size: 87KB - Virtual size: 87KB

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 6KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 8KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 248KB

UPX1
Size: 94KB - Virtual size: 96KB

.rsrc
Size: 9KB - Virtual size: 12KB

.MPRESS1
Size: 149KB - Virtual size: 424KB

.MPRESS2
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 9KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 96KB

UPX1
Size: 49KB - Virtual size: 52KB

.rsrc
Size: 9KB - Virtual size: 12KB