zzz[.]zip | Triage

Resubmissions

23/01/2024, 19:57

240123-yplhvsghf6 6

23/01/2024, 19:54

240123-ymwwtagdgl 3

Sharing

Copy URL Twitter E-mail

General

Target

zzz.zip
Size

216KB
MD5

5c84193c790127b3b88a94c925077777
SHA1

dd6a1138c2553608b39d0206fa027a6b6921e29a
SHA256

dfc9c4a90fa723ff3dbbde31288f1c045e00e94ea985c4f7f1bbeaf772cd8470
SHA512

aac6ddf916c330ab82c16ecf5027aeeac9c936a6fe49153ea2ffbe8d39e8d87b1f5b507824b6a822ad76d9daceb1eb5dcab3b8f396c65393bd2662c6712b7e8e
SSDEEP

6144:DHHwIFKNParhaiaEOaRIP1L46SPRyQJ4Zqk497RvQMUMf:DH3WPchaHE6C6Sb8qk2lRUMf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/zzz/chrome.exe

Files

zzz.zip
.zip
zzz/chrome.exe
.exe windows:10 windows x64 arch:x64

9f0d1c67fcb6d4d5059556ff5e9a642b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EventRegister
EventWriteTransfer
EventUnregister
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
CheckTokenMembership
CreateWellKnownSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventSetInformation
RegLoadMUIStringW

kernel32

GetTempPath2W
GetStringTypeW
CreateDirectoryW
SetFileAttributesW
RemoveDirectoryW
GetCurrentProcess
LoadLibraryExW
GetSystemTime
CreateNamedPipeW
ConnectNamedPipe
OpenEventW
LocalAlloc
CopyFileW
GetCurrentThread
HeapFree
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
InitializeCriticalSectionEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
FindNextFileW
FindFirstFileW
GetTempFileNameW
DeleteFileW
GetModuleHandleExW
SleepConditionVariableSRW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
SizeofResource
GetFileSizeEx
GetCurrentThreadId
FormatMessageW
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
FreeResource
LockResource
GlobalAlloc
GlobalFree
LoadResource
FindResourceW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
MoveFileW
SetFileTime
GetFileInformationByHandle
LocalFileTimeToFileTime
FileTimeToLocalFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
DebugBreak
HeapSetInformation
GetUserPreferredUILanguages
ExpandEnvironmentStringsW
WaitForSingleObject
GetExitCodeProcess
LoadLibraryW
TlsGetValue
TlsAlloc
GetLastError
TlsFree
TlsSetValue
GetTickCount64
SetDllDirectoryW
DeleteTimerQueueTimer
CreateTimerQueueTimer
SetEvent
ResetEvent
HeapReAlloc
OutputDebugStringW
IsDebuggerPresent
CloseHandle
FreeLibrary
SetLastError
ReleaseSemaphore
OpenSemaphoreW
GetCurrentProcessId
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
WaitForSingleObjectEx
WaitForMultipleObjects
CreateEventW
CreateThread
GetModuleFileNameW
CreateFileW
WriteFile
ReadFile
GetCommandLineW
GetFileAttributesW
GetFullPathNameW
LocalFree
FindClose

user32

SetWindowLongW
GetWindowLongW
UnhookWindowsHookEx
CallNextHookEx
GetKeyState
SetWindowsHookExW
GetFocus
IsChild
EnableWindow
LoadImageW
GetSystemMetrics
PostMessageW
IsWindow
ShowScrollBar
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBoxW
AllowSetForegroundWindow
SetForegroundWindow
GetClientRect
LoadStringW
GetWindowLongPtrW
CreateWindowExW
SetWindowLongPtrW
SendMessageW

msvcrt

__CxxFrameHandler4
_vsnwprintf
memcpy_s
_purecall
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBV0@@Z
_vsnprintf_s
_wcsnicmp
_vsnprintf
_wcsicmp
towlower
wcsstr
?what@exception@@UEBAPEBDXZ
strchr
free
realloc
??0bad_cast@@QEAA@AEBV0@@Z
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
??0exception@@QEAA@AEBQEBD@Z
wcstombs_s
malloc
_wcslwr_s
wcsncmp
iswdigit
wcstol
_lseek
time
_write
_close
rand
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wsetlocale
__crtLCMapStringW
__crtCompareStringW
_wcsdup
memset
abort
__pctype_func
_ismbblead
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
_unlock
_lock
_errno
___lc_collate_cp_func
setlocale
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
mbstowcs_s
wcstok
wcschr
_wtol
memmove_s
calloc
wcstok_s
_get_osfhandle
_wopen
srand
_wremove
_read
wcscmp

ntdll

RtlInitializeSid
RtlNtStatusToDosError
RtlSubAuthoritySid
NtOpenProcessToken
NtQueryInformationToken
NtClose
NtOpenThreadToken
RtlCreateEnvironment
RtlInitUnicodeStringEx
RtlSetEnvironmentVariable
RtlExpandEnvironmentStrings
RtlDestroyEnvironment
WinSqmAddToStreamEx
RtlCaptureContext
RtlLookupFunctionEntry
DbgPrintEx
RtlVirtualUnwind

shell32

ShellExecuteW
ShellExecuteExW
CommandLineToArgvW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetKnownFolderIDList

comctl32

ImageList_ReplaceIcon
PropertySheetW
ImageList_Destroy
ImageList_Create

oleaut32

SysAllocString
SysFreeString
VariantInit
SafeArrayUnaccessData
SysStringLen
SafeArrayAccessData
SysAllocStringLen
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetElement
SafeArrayDestroy
VariantClear

uxtheme

SetWindowTheme

atl

ord42
ord40

ole32

CoUninitialize
StringFromCLSID
CoTaskMemFree
CoCreateInstance
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
GetHGlobalFromStream
CoCreateGuid
CoInitializeEx

comdlg32

CommDlgExtendedError
GetOpenFileNameW

rpcrt4

UuidCreate

duser

ForwardGadgetMessage
GetGadgetFocus

wer

WerReportSubmit
WerReportCloseHandle
WerReportSetParameter
WerReportAddFile
WerReportCreate

secur32

GetUserNameExW

wintrust

WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertFreeCertificateContext
CertGetCertificateContextProperty
CryptHashCertificate
CertDuplicateCertificateContext

dui70

?EnumPropertyInfo@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?Release@ClassInfoBase@DirectUI@@UEAAHXZ
?AddRef@ClassInfoBase@DirectUI@@UEAAXXZ
?GetClassInfoW@CCListView@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?PostCreate@CCBase@DirectUI@@MEAAXPEAUHWND__@@@Z
?OnReceivedDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnLostDialogFocus@CCBase@DirectUI@@UEAA_NPEAUIDialogElement@2@@Z
?OnCustomDraw@CCBase@DirectUI@@UEAA_NPEAUtagNMCUSTOMDRAWINFO@@PEA_J@Z
?OnNotify@CCBase@DirectUI@@UEAA_NI_K_JPEA_J@Z
?DefaultAction@CCBase@DirectUI@@UEAAJXZ
?GetClassInfoW@CCBase@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?MessageCallback@HWNDHost@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?IsContentProtected@Element@DirectUI@@UEAA_NXZ
??1ClassInfoBase@DirectUI@@UEAA@XZ
??0ClassInfoBase@DirectUI@@QEAA@XZ
??0CCListView@DirectUI@@QEAA@XZ
?GetClassInfoPtr@CCBase@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@HWNDElement@DirectUI@@SAPEAUIClassInfo@2@XZ
?GetClassInfoPtr@Edit@DirectUI@@SAPEAUIClassInfo@2@XZ
?Initialize@CCBase@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?Initialize@ClassInfoBase@DirectUI@@QEAAJPEAUHINSTANCE__@@PEBG_NPEBQEBUPropertyInfo@2@I@Z
?Register@CCBase@DirectUI@@SAJXZ
?Register@HWNDElement@DirectUI@@SAJXZ
?Register@ClassInfoBase@DirectUI@@QEAAJXZ
?ClassExist@ClassInfoBase@DirectUI@@SA_NPEAPEAUIClassInfo@2@PEBQEBUPropertyInfo@2@IPEAU32@PEAUHINSTANCE__@@PEBG_N@Z
??1CritSecLock@DirectUI@@QEAA@XZ
?GetFactoryLock@Element@DirectUI@@SAPEAU_RTL_CRITICAL_SECTION@@XZ
??0CritSecLock@DirectUI@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
?Register@Edit@DirectUI@@SAJXZ
??0Edit@DirectUI@@QEAA@XZ
??1Edit@DirectUI@@UEAA@XZ
?IsRTLReading@Element@DirectUI@@UEAA_NXZ
?GetPICount@ClassInfoBase@DirectUI@@UEBAIXZ
?GetContentStringAsDisplayed@Edit@DirectUI@@UEAAPEBGPEAPEAVValue@2@@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UEAA_NPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Edit@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UEAAXPEAUPropertyInfo@2@HPEAVValue@2@1@Z
?OnGroupChanged@Element@DirectUI@@UEAAXH_N@Z
?OnInput@Edit@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnMouseFocusMoved@Element@DirectUI@@UEAAXPEAV12@0@Z
?OnDestroy@HWNDHost@DirectUI@@UEAAXXZ
?OnEvent@HWNDHost@DirectUI@@UEAAXPEAUEvent@2@@Z
?Paint@HWNDHost@DirectUI@@UEAAXPEAUHDC__@@PEBUtagRECT@@1PEAU4@2@Z
?GetContentSize@Edit@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?Add@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?RemoveChild@ClassInfoBase@DirectUI@@UEAAXXZ
?Remove@Element@DirectUI@@UEAAJPEAPEAV12@I@Z
?GetAdjacent@Element@DirectUI@@UEAAPEAV12@PEAV12@HPEBUNavReference@2@K@Z
?EnsureVisible@Element@DirectUI@@UEAA_NHHHH@Z
??1HWNDHost@DirectUI@@UEAA@XZ
?AddBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?RemoveBehavior@Element@DirectUI@@UEAAJPEAUIDuiBehavior@@@Z
?MessageCallback@Edit@DirectUI@@UEAAIPEAUtagGMSG@@@Z
?QueryInterface@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z
?GetImmersiveFocusRectOffsets@Element@DirectUI@@UEAAXPEAUtagRECT@@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MEAAXHH@Z
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?OnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?OnUnHosted@HWNDHost@DirectUI@@MEAAXPEAVElement@2@@Z
?UpdateTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?ActivateTooltip@Element@DirectUI@@MEAAXPEAV12@K@Z
?RemoveTooltip@Element@DirectUI@@MEAAXPEAV12@@Z
?GetKeyFocused@HWNDHost@DirectUI@@UEAA_NXZ
?GetAccessibleImpl@HWNDHost@DirectUI@@UEAAJPEAPEAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UEAAJXZ
?OnPropertyChanged@HWNDHost@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?GetByClassIndex@ClassInfoBase@DirectUI@@UEAAPEBUPropertyInfo@2@I@Z
?GetGlobalIndex@ClassInfoBase@DirectUI@@UEBAIXZ
?GetName@ClassInfoBase@DirectUI@@UEBAPEBGXZ
?IsValidProperty@ClassInfoBase@DirectUI@@UEBA_NPEBUPropertyInfo@2@@Z
?IsSubclassOf@ClassInfoBase@DirectUI@@UEBA_NPEAUIClassInfo@2@@Z
?GetModule@ClassInfoBase@DirectUI@@UEBAPEAUHINSTANCE__@@XZ
?IsGlobal@ClassInfoBase@DirectUI@@UEBA_NXZ
?IsContentProtected@Edit@DirectUI@@UEAA_NXZ
?GetElementProviderImpl@Element@DirectUI@@UEAAJPEAVInvokeHelper@2@PEAPEAVElementProvider@2@@Z
?HandleUiaDestroyListener@Element@DirectUI@@UEAAXXZ
?HandleUiaPropertyListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UEAAXPEBUPropertyInfo@2@@Z
?HandleUiaEventListener@Element@DirectUI@@UEAAXPEAUEvent@2@@Z
?GetUiaFocusDelegate@Element@DirectUI@@UEAAPEAV12@XZ
?OnNotify@Edit@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnMessage@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnSysChar@HWNDHost@DirectUI@@UEAA_NG@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UEAAX_KPEBUtagSTYLESTRUCT@@@Z
?SetWindowDirection@HWNDHost@DirectUI@@UEAAXPEAUHWND__@@@Z
?EraseBkgnd@HWNDHost@DirectUI@@MEAA_NPEAUHDC__@@PEA_J@Z
?CreateHWND@Edit@DirectUI@@MEAAPEAUHWND__@@PEAU3@_N@Z
?Initialize@Edit@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?AttachCtrlSubclassProc@HWNDHost@DirectUI@@KAXPEAUHWND__@@@Z
?GetThemedBorder@Edit@DirectUI@@QEAA_NXZ
?GetMultiline@Edit@DirectUI@@QEAA_NXZ
?OnAdjustWindowSize@HWNDHost@DirectUI@@UEAAHHHI@Z
?GetHWND@HWNDHost@DirectUI@@UEAAPEAUHWND__@@XZ
?SetWinStyle@CCBase@DirectUI@@QEAAJH@Z
?Destroy@Element@DirectUI@@QEAAJ_N@Z
?Initialize@CCListView@DirectUI@@QEAAJIPEAVElement@2@PEAK@Z
?CreateHWND@CCBase@DirectUI@@UEAAPEAUHWND__@@PEAU3@@Z
?OnInput@CCBase@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnInput@Element@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?OnPropertyChanged@CCBase@DirectUI@@UEAAXPEBUPropertyInfo@2@HPEAVValue@2@1@Z
?DirectionProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
??1CCBase@DirectUI@@UEAA@XZ
??0CCBase@DirectUI@@QEAA@KPEBG@Z
?AddChild@ClassInfoBase@DirectUI@@UEAAXXZ
?GetChildren@ClassInfoBase@DirectUI@@UEBAHXZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UEBAXXZ
??1CCListView@DirectUI@@UEAA@XZ
?Insert@Element@DirectUI@@UEAAJPEAPEAV12@II@Z
?StartDefer@Element@DirectUI@@QEAAXPEAK@Z
?EndDefer@Element@DirectUI@@QEAAXK@Z
?FindDescendent@Element@DirectUI@@QEAAPEAV12@G@Z
StrToID
?SetVisible@Element@DirectUI@@QEAAJ_N@Z
??0HWNDHost@DirectUI@@QEAA@XZ
?SetKeyFocus@HWNDHost@DirectUI@@UEAAXXZ
?SetLayoutPos@Element@DirectUI@@QEAAJH@Z
?CreateGraphic@Value@DirectUI@@SAPEAV12@PEAUHICON__@@_N11@Z
?SetAccName@Element@DirectUI@@QEAAJPEBG@Z
?SetAccValue@Element@DirectUI@@QEAAJPEBG@Z
?SetAccDesc@Element@DirectUI@@QEAAJPEBG@Z
?SetContentString@Element@DirectUI@@QEAAJPEBG@Z
?SetTooltip@Element@DirectUI@@QEAAJ_N@Z
?SetTooltipMaxWidth@Element@DirectUI@@QEAAJH@Z
?OnListenerAttach@TaskPage@DirectUI@@MEAAXPEAVElement@2@@Z
?OnListenerDetach@TaskPage@DirectUI@@MEAAXPEAVElement@2@@Z
?OnListenedPropertyChanging@TaskPage@DirectUI@@MEAA_NPEAVElement@2@PEBUPropertyInfo@2@HPEAVValue@2@2@Z
?KeyFocusedProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?Register@HWNDHost@DirectUI@@SAJXZ
?Initialize@HWNDHost@DirectUI@@QEAAJIIPEAVElement@2@PEAK@Z
?GetClassInfoPtr@HWNDHost@DirectUI@@SAPEAUIClassInfo@2@XZ
?OnInput@HWNDHost@DirectUI@@UEAAXPEAUInputEvent@2@@Z
?GetContentSize@Element@DirectUI@@UEAA?AUtagSIZE@@HHPEAVSurface@2@@Z
?GetClassInfoW@HWNDHost@DirectUI@@UEAAPEAUIClassInfo@2@XZ
?OnNotify@HWNDHost@DirectUI@@UEAA_NI_K_JPEA_J@Z
??0TaskPage@DirectUI@@QEAA@XZ
?SetNote@CCCommandLink@DirectUI@@QEAAJPEBG@Z
?GetContentString@Element@DirectUI@@QEAAPEBGPEAPEAVValue@2@@Z
?SetValue@Element@DirectUI@@QEAAJPEBUPropertyInfo@2@HPEAVValue@2@@Z
UnInitProcessPriv
UnInitThread
InitThread
InitProcessPriv
?DUICreatePropertySheetPage@TaskPage@DirectUI@@QEAAJPEAUHINSTANCE__@@@Z
?GetChildren@Element@DirectUI@@QEAAPEAV?$DynamicArray@PEAVElement@DirectUI@@$0A@@2@PEAPEAVValue@2@@Z
?SetID@Element@DirectUI@@QEAAJPEBG@Z
?Destroy@DUIXmlParser@DirectUI@@QEAAXXZ
?Add@Element@DirectUI@@QEAAJPEAV12@@Z
?SetSelected@Element@DirectUI@@QEAAJ_N@Z
?CreateElement@DUIXmlParser@DirectUI@@QEAAJPEBGPEAVElement@2@1PEAKPEAPEAV32@@Z
?RemoveAll@Element@DirectUI@@QEAAJXZ
?SetEnabled@Element@DirectUI@@QEAAJ_N@Z
?Release@Value@DirectUI@@QEAAXXZ
?ContentProp@Element@DirectUI@@SAPEBUPropertyInfo@2@XZ
?SetValue@Element@DirectUI@@QEAAJP6APEBUPropertyInfo@2@XZHPEAVValue@2@@Z
?Click@Button@DirectUI@@SA?AVUID@@XZ
?DestroyCP@TaskPage@DirectUI@@EEAAXXZ
?CreateParserCP@TaskPage@DirectUI@@EEAAJPEAPEAVDUIXmlParser@2@@Z
?CreateDUICP@TaskPage@DirectUI@@EEAAJPEAVHWNDElement@2@PEAUHWND__@@1PEAPEAVElement@2@PEAPEAVDUIXmlParser@2@@Z
?OnQueryInitialFocus@TaskPage@DirectUI@@MEAAPEAVElement@2@XZ
?OnWizFinish@TaskPage@DirectUI@@MEAA_JXZ
?OnReset@TaskPage@DirectUI@@MEAA_JXZ
?OnKillActive@TaskPage@DirectUI@@MEAA_JXZ
?InitPropSheetPage@TaskPage@DirectUI@@MEAAXPEAU_PROPSHEETPAGEW@@@Z
?LoadPage@TaskPage@DirectUI@@MEAAJPEAVHWNDElement@2@PEAUHINSTANCE__@@PEAPEAVElement@2@PEAPEAVDUIXmlParser@2@@Z
?LoadParser@TaskPage@DirectUI@@MEAAJPEAPEAVDUIXmlParser@2@@Z
?OnListenedEvent@TaskPage@DirectUI@@MEAAXPEAVElement@2@PEAUEvent@2@@Z
?OnListenedInput@TaskPage@DirectUI@@MEAAXPEAVElement@2@PEAUInputEvent@2@@Z
?OnListenedPropertyChanged@TaskPage@DirectUI@@MEAAXPEAVElement@2@PEBUPropertyInfo@2@HPEAVValue@2@2@Z
??1TaskPage@DirectUI@@UEAA@XZ
?PropSheet_SendMessage@TaskPage@DirectUI@@IEAA_JI_K_J@Z
?GetUIAElementProvider@Element@DirectUI@@UEAAJAEBU_GUID@@PEAPEAX@Z

shlwapi

SHCreateStreamOnFileEx

winhttp

WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpWriteData
WinHttpSetOption
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpOpen
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReadData
WinHttpGetDefaultProxyConfiguration
WinHttpReceiveResponse

cabinet

ord13
ord10
ord23
ord22
ord14
ord11
ord20

Sections

.text
Size: 384KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

9f0d1c67fcb6d4d5059556ff5e9a642b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

shell32

comctl32

oleaut32

uxtheme

atl

ole32

comdlg32

rpcrt4

duser

wer

secur32

wintrust

crypt32

dui70

shlwapi

winhttp

cabinet

Sections

.text Size: 384KB - Virtual size: 380KB

.rdata Size: 104KB - Virtual size: 101KB

.data Size: 4KB - Virtual size: 4KB

.pdata Size: 16KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 384KB - Virtual size: 380KB

.rdata
Size: 104KB - Virtual size: 101KB

.data
Size: 4KB - Virtual size: 4KB

.pdata
Size: 16KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB