72171f0a7ce56548b961f00a73937a1e

Sharing

Copy URL

Twitter E-mail

General

Target

72171f0a7ce56548b961f00a73937a1e
Size

19.8MB
MD5

72171f0a7ce56548b961f00a73937a1e
SHA1

fbbf71167ed3b7448224fdfa0025349c3efdd359
SHA256

54743623975d5d5c63c623ee976afeaf75e50e30cc7edc5e7b13ea779b323765
SHA512

2af32ada8636c29eba8566d54a165fa807b2ffe6c388ffe090b52430160e50c4fa21e73271b82fa641994c0f350ba5c2ee5e568ac3c3a40d68b09eb2bb4059b1
SSDEEP

393216:DdqWd4+6znmG9rvPvNezWabY8ywBIm1YQCgjUga/+e:8Wd4+6znNrXQ1rCgjUgame

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/$PLUGINSDIR/InstallOptionsEx.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/$PLUGINSDIR/InstallOptionsEx.dll	upx

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
72171f0a7ce56548b961f00a73937a1e
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/mpcassoc.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/InstallOptionsEx.dll
unpack003/out.upx
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsExec.dll
unpack001/mplayerc.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/mpcassoc.exe	nsis_installer_1

Files

72171f0a7ce56548b961f00a73937a1e
.exe windows:4 windows x86 arch:x86

51af09c6f94705a14d7c2cf34b244036

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
CloseHandle
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClassA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
FindWindowExA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
Icon/Audio_File.ico
Icon/DVD.ico
Icon/DV_Video.ico
Icon/Flash.ico
Icon/MP3_File.ico
Icon/Midi_File.ico
Icon/Mobile_Video.ico
Icon/Normal_CD.ico
Icon/Quicktime_File.ico
Icon/Real_File.ico
Icon/Subtitle_File.ico
Icon/Video_CD.ico
Icon/Video_file.ico
mpcassoc.exe
.exe windows:4 windows x86 arch:x86

51af09c6f94705a14d7c2cf34b244036

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
CloseHandle
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClassA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
FindWindowExA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptionsEx.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

dialog
initDialog
show

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/bak.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/mp4.ini
$PLUGINSDIR/mpcassoc.ini
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

0a429a757fe850cda370ca04651f8539

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetExitCodeProcess
lstrlenA
lstrcatA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
CloseHandle
GlobalAlloc
GetModuleFileNameA
lstrcmpiA
GetCommandLineA
DeleteFileA
GlobalLock
GlobalFree

user32

SendMessageA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/real.ini
mpcassoc.txt
mplayerc.exe
.exe windows:4 windows x86 arch:x86

d77807327276b3dba74bdc9d3aa75548

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dsound

ord1

winmm

timeBeginPeriod
timeEndPeriod
timeSetEvent
waveOutGetVolume
waveOutSetVolume
mixerSetControlDetails
timeKillEvent

ddraw

DirectDrawCreateEx

kernel32

RtlUnwind
HeapAlloc
HeapFree
IsBadReadPtr
GetSystemTimeAsFileTime
ExitProcess
HeapReAlloc
HeapSize
GetStartupInfoA
GetCommandLineA
GetFileType
ExitThread
SetStdHandle
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
SetUnhandledExceptionFilter
GetTimeZoneInformation
UnhandledExceptionFilter
GetEnvironmentStringsW
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadCodePtr
SetEnvironmentVariableA
GetLocaleInfoW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
GetPrivateProfileSectionA
MultiByteToWideChar
GetLastError
SetErrorMode
FindResourceExA
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
GlobalFlags
GetFileTime
GetFileAttributesA
ConvertDefaultLocale
EnumResourceLanguagesA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetProfileIntA
SuspendThread
ResumeThread
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GlobalSize
GlobalFree
FreeResource
SetFilePointer
DebugBreak
IsDBCSLeadByteEx
GetVolumeInformationA
lstrcpyA
GetCurrentThread
GetThreadPriority
SetThreadPriority
CreateSemaphoreA
ReleaseSemaphore
WaitForMultipleObjects
ResetEvent
CreateEventA
OutputDebugStringA
VirtualAlloc
VirtualFree
UnmapViewOfFile
CreateFileMappingA
GetFileSize
MapViewOfFile
InterlockedCompareExchange
GetVersion
lstrcmpiA
lstrlenW
lstrlenA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FreeEnvironmentStringsW
DeleteCriticalSection
CompareStringA
CompareStringW
GetStringTypeExA
GetModuleHandleW
DeviceIoControl
GetTickCount
GetLocalTime
QueryPerformanceCounter
GlobalMemoryStatus
GetDiskFreeSpaceA
GetComputerNameA
LocalAlloc
GetSystemInfo
InterlockedDecrement
InterlockedIncrement
GetCurrentProcessId
ReleaseMutex
GetModuleHandleA
VirtualQuery
FlushInstructionCache
VirtualProtect
SetLastError
GetUserDefaultLCID
GetTempPathA
GetTempFileNameA
CreatePipe
DuplicateHandle
GetEnvironmentStrings
FreeEnvironmentStringsA
CreateProcessA
CreateThread
WriteFile
ReadFile
TerminateProcess
FileTimeToLocalFileTime
RaiseException
GetWindowsDirectoryA
CopyFileA
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
GlobalAlloc
DeleteFileA
GetFileAttributesExA
CreateDirectoryA
GetFullPathNameA
GetModuleFileNameA
CloseHandle
CreateFileW
CreateFileA
IsDebuggerPresent
CreateMutexA
FindNextFileA
GetCurrentDirectoryA
GlobalLock
GlobalUnlock
GetDriveTypeA
GetCurrentThreadId
Sleep
FindFirstFileA
FindClose
GetDiskFreeSpaceExA
SetPriorityClass
MulDiv
TerminateThread
GetCurrentProcess
lstrcpynA
WaitForSingleObject
SetEvent
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageA
LocalFree

user32

DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
ModifyMenuA
CheckMenuItem
GetMenuCheckMarkDimensions
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
CheckDlgButton
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
TrackPopupMenu
GetScrollPos
GetClassInfoA
RegisterClassA
SetWindowPos
GetWindowPlacement
UnhookWindowsHookEx
GetMenuState
GetMenuStringA
GetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetIconInfo
GetDCEx
SetWindowRgn
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetClassNameA
GetClassLongA
GetScrollInfo
GetWindowRgn
AdjustWindowRectEx
GetMenu
CharLowerBuffA
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
GetQueueStatus
wsprintfA
GetMessageA
UnregisterClassA
CopyIcon
CreateWindowExA
GetMessageTime
DestroyIcon
GetCapture
EmptyClipboard
SetClipboardData
CloseClipboard
DrawTextExA
OpenClipboard
SetCapture
SetActiveWindow
ClientToScreen
GetDlgCtrlID
TranslateMessage
DispatchMessageA
SetWindowLongA
GetDlgItemTextA
CallWindowProcA
DefWindowProcA
FindWindowA
IsIconic
ShowWindow
CreateAcceleratorTableA
DestroyAcceleratorTable
ChangeDisplaySettingsA
EnumDisplaySettingsA
ChangeDisplaySettingsExW
ChangeDisplaySettingsExA
UpdateWindow
SystemParametersInfoA
IsMenu
GetAsyncKeyState
GetKeyState
GetWindowLongA
GetMenuItemRect
PostQuitMessage
GetMenuBarInfo
GetSystemMetrics
GetMonitorInfoA
SetMenu
GetCursorPos
ExitWindowsEx
RegisterClipboardFormatA
PostThreadMessageA
SetForegroundWindow
WindowFromPoint
IsChild
GetDesktopWindow
KillTimer
ReleaseDC
GetDC
LoadMenuA
RemoveMenu
InsertMenuA
GetSubMenu
SetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
EnableMenuItem
DeleteMenu
PtInRect
RegisterWindowMessageA
RedrawWindow
GrayStringA
GetWindowDC
BeginPaint
EndPaint
ValidateRect
MapDialogRect
GetMenuItemInfoA
DestroyMenu
TranslateAcceleratorA
BringWindowToTop
GetFocus
FillRect
FrameRect
GetSysColorBrush
EqualRect
SetRectEmpty
MonitorFromWindow
CopyRect
MessageBeep
GetMessagePos
LoadIconA
SetTimer
ScreenToClient
AppendMenuA
CreatePopupMenu
LoadBitmapA
GetDlgItem
UnionRect
SetRect
IsRectEmpty
LoadImageA
GetSysColor
InflateRect
SetCursor
GetParent
InvalidateRect
GetWindowRect
OffsetRect
InsertMenuItemA
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
IsClipboardFormatAvailable
WaitMessage
GetSystemMenu
SetParent
ShowOwnedPopups
SetWindowContextHelpId
DrawFocusRect
CharNextA
LockWindowUpdate
CopyAcceleratorTableA
GetNextDlgGroupItem
ReleaseCapture
InvalidateRgn
CharUpperA
PostMessageA
IsWindowVisible
MapWindowPoints
GetClientRect
IsWindow
GetWindow
LoadCursorA
SendMessageA
EnableWindow
IntersectRect

gdi32

MoveToEx
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
Escape
SetViewportOrgEx
OffsetViewportOrgEx
LineTo
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateSolidBrush
GetBkColor
StretchDIBits
GetCharWidthA
EnumFontFamiliesExA
GetRgnBox
IntersectClipRect
ExcludeClipRect
SetStretchBltMode
RestoreDC
SaveDC
DPtoLP
CreatePatternBrush
GetMapMode
ExtTextOutA
GetClipBox
CopyMetaFileA
GetCurrentObject
PatBlt
GetPixel
CreatePolygonRgn
CreateBitmap
FillRgn
OffsetRgn
SetRectRgn
CloseFigure
EndPath
GetPath
AbortPath
BeginPath
AddFontResourceA
SetBkMode
SetMapMode
GetTextExtentPoint32W
TextOutW
GetTextMetricsA
TranslateCharsetInfo
CreateFontA
EqualRgn
CombineRgn
GetTextColor
CreateFontIndirectA
GetStockObject
ExtSelectClipRgn
SetPixel
CreateRectRgnIndirect
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreatePen
GetTextExtentPoint32A
SetBkColor
SetTextColor
TextOutA
CreateRectRgn
GetRegionData
CreateDIBSection
GetObjectA
DeleteObject
StretchBlt
SetDIBColorTable
SelectObject
DeleteDC
SetViewportExtEx
CreateCompatibleDC

comdlg32

GetOpenFileNameA
ChooseFontA
ChooseColorA
GetFileTitleA
GetSaveFileNameA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCloseKey
RegEnumValueA
RegFlushKey
RegCreateKeyA
RegCreateKeyW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyA
RegOpenKeyW
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueA
RegQueryValueW
RegQueryValueExW
RegSetValueA
RegSetValueW
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetUserNameA
RegEnumKeyA
RegEnumKeyExA

shell32

ShellExecuteA
Shell_NotifyIconA
DragFinish
DragAcceptFiles
ExtractIconExA
ord195
SHGetPathFromIDListA
SHBrowseForFolderA
DragQueryFileA

comctl32

ImageList_Remove
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetImageCount
ord17
ImageList_DragLeave
PropertySheetA
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_BeginDrag
ImageList_DragMove
ImageList_AddMasked
ImageList_Draw
ImageList_GetImageInfo
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ImageList_EndDrag

shlwapi

PathCombineA
PathAddExtensionA
PathAddBackslashA
PathRemoveFileSpecA
PathStripPathA
PathRemoveExtensionA
PathFindExtensionA
PathCompactPathA
PathIsDirectoryA
PathRelativePathToA
PathRenameExtensionA
PathCanonicalizeA
PathMakePrettyA
PathAppendA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathFileExistsA
PathFindFileNameA

oledlg

ord8

ole32

CreateItemMoniker
CoFreeUnusedLibraries
CoTaskMemFree
CoCreateInstance
CLSIDFromString
MkParseDisplayName
CreateBindCtx
CoInitialize
CoUninitialize
OleSaveToStream
CoTaskMemAlloc
OleLoadFromStream
OleInitialize
OleUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromProgID
OleGetClipboard
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleDuplicateData
ReleaseStgMedium
CoLoadLibrary
StringFromCLSID
CoFreeLibrary
GetRunningObjectTable
StringFromGUID2

oleaut32

SysFreeString
SafeArrayDestroy
VariantCopy
VarBstrCmp
OleCreatePropertyFrame
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysAllocString
VariantChangeType
VariantClear
VariantInit
SystemTimeToVariantTime
OleCreateFontIndirect

ws2_32

closesocket
accept
socket
WSAStartup
gethostbyname
htonl
htons
inet_ntoa
ntohs
select
inet_addr
bind
getsockname
getpeername
WSASetLastError
connect
sendto
recvfrom
WSAAsyncSelect
WSACleanup
WSAGetLastError
listen
recv
send

wininet

InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetQueryDataAvailable
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetOpenUrlA

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 684KB - Virtual size: 682KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 244KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 736KB - Virtual size: 732KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mplayerc.ini

Sharing

General

Malware Config

Signatures

Files

51af09c6f94705a14d7c2cf34b244036

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 27KB - Virtual size: 28KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 940B

51af09c6f94705a14d7c2cf34b244036

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 27KB - Virtual size: 28KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 940B

Headers

File Characteristics

Exports

Exports

Sections

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 27KB - Virtual size: 28KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 940B

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 27KB - Virtual size: 28KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 940B

UPX0
Size: - Virtual size: 40KB

UPX1
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 340B

.text
Size: 2.6MB - Virtual size: 2.6MB

_TEXT64
Size: 4KB - Virtual size: 1KB

.rdata
Size: 684KB - Virtual size: 682KB

.data
Size: 244KB - Virtual size: 318KB

.rsrc
Size: 736KB - Virtual size: 732KB