95c5858f479203c4d57e448800fa46de

Sharing

Copy URL Twitter E-mail

General

Target

95c5858f479203c4d57e448800fa46de
Size

2.9MB
MD5

95c5858f479203c4d57e448800fa46de
SHA1

8f0004e313c57cca40d41992703ed5a35567201c
SHA256

dd341c9ce05147854e230201575e6e0e2f52ce18e80a899f0acc49513cb7b416
SHA512

9c3438be5bc62f83bd15fc5085d0547fc2dbc944ed60f461294f1f6d39e04139e1cbfcf64d7c5e585f6f28c2ae71d1ae9cea1e9223d383851e0efe653aee741d
SSDEEP

49152:UL3x4v6aoyrc0mG5OFU5hyLAn2mZVHmj3tZ+XVlORzUluOnN+xjISoygaYViNr0e:UL3xc/oyrR5/2LA2mfGZeozUl1nKjIS3

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
95c5858f479203c4d57e448800fa46de
unpack001/$PLUGINSDIR/OpenSave.dll
unpack001/UDFLibrary.dll
unpack001/fbserver.exe
unpack001/instsvc.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

95c5858f479203c4d57e448800fa46de
.exe windows:4 windows x86 arch:x86

7d8c16ee511989dba08d838c22062a91

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetModuleHandleA
ExitProcess
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
LoadLibraryA
GetProcAddress
CreateThread
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
CopyFileA

user32

CreateDialogParamA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
CharNextA
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PostQuitMessage

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/OpenSave.dll
.dll windows:4 windows x86 arch:x86

5d6433b899be130725b6fa01352b17bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
Process32First
CreateToolhelp32Snapshot
GetPrivateProfileStructA
Sleep
GetTickCount
InterlockedDecrement
Process32Next
VirtualProtect
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetStringTypeW
OpenProcess
WaitForSingleObject
TerminateProcess
GlobalAlloc
lstrcpynA
lstrcpyA
GetSystemInfo
GlobalFree
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
LoadLibraryA
GetCPInfo
GetLastError
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
RtlUnwind
RaiseException
ExitProcess
GetProcAddress
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
VirtualAlloc
HeapReAlloc
InterlockedExchange
VirtualQuery
HeapSize
SetUnhandledExceptionFilter
GetACP
GetOEMCP

user32

GetWindowTextA
SendMessageA
GetWindowThreadProcessId
EnumWindows
PostMessageA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
CreateServiceA

shell32

SHGetDesktopFolder
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

oleaut32

SysFreeString
SysAllocString
VariantClear

Exports

Exports

checkClients
installService
isAppStarted
openFileDlg
openFolderDlg
saveFileDlg
uninstallService

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AppInfo.html
Applications.html
Events.html
Firebird_v1.5.ReleaseNotes.pdf
.pdf
- http://sourceforge.net/project/showfiles.php?group_id=9028
- http://support.microsoft.com/default.aspx?kbid=296265
- http://support.microsoft.com/default.aspx?kbid=140325
- http://www.yahoogroups.com/groups/firebird-support
- http://cvs.sourceforge.net/viewcvs.py/firebird/firebird2/doc/README.instsvc
- http://support.microsoft.com/default.aspx?scid=kb;EN-US;q177719
- http://firebird.sourceforge.net/
- http://firebirdsql.org/
- http://www.ibphoenix.com/
- http://www.cvalde.net/
- http://www.yahoogroups.com/groups/ib-support
- http://www.yahoogroups.com/groups/Firebird-Java
- http://www.ibase.ru/
- http://www.yahoogroups.com/community/Firebird-priorities
- http://www.yahoogroups.com/community/ib-architect
- http://www.yahoogroups.com/community/firebird-java
- http://lists.sourceforge.net/lists/listinfo/firebird-net-provider
- http://www.ibobjects.com/
- http://www.devrace.com/
- http://www.ibpp.org/
- http://lists.sourceforge.net/lists/listinfo/firebird-odbc-devel
- http://www.yahoogroups.com/community/firebird-php
- http://python.org/
- http://kinterbasdb.sourceforge.net/
- http://firebird.sourceforge.net/index.php?op=doc
- http://www.firebirdsql.org/
- http://sourceforge.net/projects/firebird
- http://www.borland.com/techpubs/interbase/
- http://sourceforge.net/project/showfiles.php?group_id=9028VVeerrssiioonn
- http://libfbclient.so
- http://orlibfbclient.so
- http://libgds.so
- http://libfbembed.so
- http://librarylibgds.solibfbclient.solibfbembed.so
- http://more...ad
- http://freemail.hu
- http://UDF.e.g.select
- http://hackudf.so
- http://support.microsoft.com/default.aspx?kbid=296265Win32-with-TCP/IP
- http://support.microsoft.com/default.aspx?kbid=140325Default
- http://www.yahoogroups.com/groups/firebird-supportIf
- http://cvs.sourceforge.net/viewcvs.py/firebird/firebird2/doc/README.instsvcREAD
- http://support.microsoft.com/default.aspx?scid=kb;EN-US;q177719Windows
- http://news.atkin.com
- http://install.sh
- http://createDBAlias.sh
- http://changeDBAPassword.sh
- http://createAliasDB.sh
- http://changeGdsLibraryCompatibleLink.sh
- http://uninstall.sh
- http://firebirdsql.org
- http://www.ibphoenix.com
- http://www.cvalde.net
- http://www.yahoogroups.com/groups/firebird-supportFor
- http://www.yahoogroups.com/groups/Firebird-JavaThe
- http://IBase.ru
- http://www.ibase.ru
- http://users.sourceforge.net
- http://www.yahoogroups.com/community/Firebird-priorities.
- http://sourceforge.net/project/showfiles.php?group_id=9028For
- http://www.yahoogroups.com/community/firebird-java..NET:
- http://lists.sourceforge.net/lists/listinfo/firebird-net-providerDelphi
- http://www.ibobjects.com
- http://www.devrace.com
- http://www.ibpp.org
- http://onsourceforge.net
- http://lists.sourceforge.net/lists/listinfo/firebird-odbc-develPHP:
- http://www.yahoogroups.com/community/firebird-phpPYTHON:
- http://kinterbasdb.sourceforge.net
- http://ftpc.inprise.com/pub/interbase/techpubs/ib_60_doc.zipA
- http://firebird.sourceforge.net/index.php?op=docThis
- http://lists.sourceforge.net
- http://sourceforge.net/projects/firebirdThe
- Show all
UDFLibrary.dll
.dll windows:4 windows x86 arch:x86

87fe953531e8b8d0dca61f883da5770e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr71

malloc
_initterm
_adjust_fdiv
wcsstr
_except_handler3
__dllonexit
_onexit
__CppXcptFilter
free

kernel32

DisableThreadLibraryCalls

Exports

Exports

fn_is_existing

Sections

.text
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
URL.html
aliases.conf
email.html
email_info.html
fbserver.exe
.exe windows:4 windows x86 arch:x86

6e061bb5ece40ba2afb6b44d3da7a714

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
ReadFile
GetUserDefaultLangID
FormatMessageA
CreateFileA
GetLastError
FreeLibrary
GetDriveTypeA
LeaveCriticalSection
GetPriorityClass
lstrcpyA
lstrcatA
OpenMutexA
SetErrorMode
TerminateThread
ReleaseSemaphore
OpenSemaphoreA
CreateSemaphoreA
DisconnectNamedPipe
WaitNamedPipeA
CreateNamedPipeA
ConnectNamedPipe
GetCommandLineA
CreateProcessA
SetPriorityClass
MoveFileA
GetModuleFileNameA
LoadLibraryExA
GetTapeParameters
GetStdHandle
SetTapePosition
DeleteFileA
CreateFileMappingA
MapViewOfFile
DeleteCriticalSection
GetProcAddress
LoadLibraryA
GetStartupInfoA
GetModuleHandleA
GetFileInformationByHandle
WriteFile
FlushFileBuffers
GetCurrentProcessId
GetVersionExA
GetComputerNameA
OpenProcess
CloseHandle
EnterCriticalSection
GetCurrentDirectoryA
Sleep
GetExitCodeThread
GetCurrentProcess
DuplicateHandle
GetCurrentThread
GetTempPathA
CreateMutexA
GetFileSize
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
TlsAlloc
UnmapViewOfFile
FlushViewOfFile
SetEndOfFile
OpenEventA
WaitForMultipleObjects
SetEvent
CreateEventA
ResetEvent
IsBadReadPtr
SetThreadPriority
TlsFree
SleepEx
SuspendThread
ResumeThread
TlsSetValue
TlsGetValue
GetCurrentThreadId
FindNextFileA
FindClose
FindFirstFileA

msvcp60

??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1ios_base@std@@UAE@XZ
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1_Winit@std@@QAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
?_Xlen@std@@YAXXZ
??0bad_alloc@std@@QAE@PBD@Z
?_Xran@std@@YAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
?clear@ios_base@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??1bad_alloc@std@@UAE@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0bad_alloc@std@@QAE@ABV01@@Z
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ

msvcrt

signal
strrchr
toupper
isspace
isdigit
isalpha
strpbrk
abort
_fullpath
strtok
_setmaxstdio
strchr
_except_handler3
strncat
fflush
perror
ctime
vfprintf
_sys_nerr
_sys_errlist
fgetc
fputc
_iob
printf
_snprintf
fseek
ftell
getc
localtime
putc
_ftol
_stricmp
_ftime
pow
_XcptFilter
??1type_info@@UAE@XZ
fputs
_sopen
_exit
atoi
getenv
system
time
fopen
_close
_dup2
_stat
_unlink
_mktemp
_getpid
_umask
_read
_lseek
_open
_fdopen
_strnicmp
_write
_swab
getchar
tolower
isprint
fgets
_errno
fclose
vsprintf
strncmp
_beginthreadex
exit
memchr
_access
_purecall
strncpy
_controlfp
??0exception@@QAE@XZ
memmove
fprintf
_CxxThrowException
??0exception@@QAE@ABV0@@Z
free
malloc
__CxxFrameHandler
atol
_open_osfhandle
sprintf
_initterm
_acmdln
__getmainargs
__p__commode
__setusermatherr
_adjust_fdiv
__dllonexit
__p__fmode
__set_app_type
_onexit
?terminate@@YAXXZ
??1exception@@UAE@XZ
_isatty
_getcwd
_fileno

user32

GetDlgItem
SetForegroundWindow
ShowWindow
PostQuitMessage
DestroyMenu
AppendMenuA
DeleteMenu
GetSystemMenu
DestroyIcon
LoadImageA
GetSysColor
SetWindowLongA
WinHelpA
SetDlgItemTextA
SetMenuDefaultItem
CreatePopupMenu
SendDlgItemMessageA
GetParent
wsprintfA
PostMessageA
GetCursorPos
EnableWindow
GetDlgItemInt
DialogBoxParamA
GetWindowLongA
EndDialog
DefWindowProcA
FindWindowA
LoadStringA
LoadIconA
SetCursor
TrackPopupMenu
LoadCursorA
SetFocus
CreateWindowExA
SendMessageA
UpdateWindow
GetMessageA
DestroyWindow
TranslateMessage
DispatchMessageA
MessageBoxA
SetWindowPos
SetDlgItemInt
RegisterClassA

advapi32

DeregisterEventSource
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
SetServiceStatus
RegisterEventSourceA
ReportEventA
RegisterServiceCtrlHandlerA
ImpersonateNamedPipeClient
RevertToSelf
StartServiceCtrlDispatcherA
RegCloseKey
SetSecurityDescriptorDacl
OpenProcessToken
OpenThreadToken
InitializeSecurityDescriptor

mpr

WNetGetUniversalNameA
WNetCloseEnum
WNetEnumResourceA
WNetOpenEnumA

gdi32

CreateSolidBrush
SetBkMode
GetStockObject

shell32

Shell_NotifyIconA

comctl32

PropertySheetA
CreatePropertySheetPageA

ws2_32

WSACleanup
listen
bind
getsockopt
setsockopt
connect
socket
htons
getservbyname
WSAGetLastError
gethostname
WSAStartup
accept
getsockname
shutdown
inet_addr
gethostbyname
__WSAFDIsSet
select
recv
send
closesocket
htonl
ntohl

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
file.html
file_info.html
find_text.html
find_text_info.html
firebird.conf
firebird.msg
instsvc.exe
.exe windows:4 windows x86 arch:x86

629dbb2f36ecdab351994f0dadc45497

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
LocalFree
Sleep
FormatMessageA
GetModuleFileNameA
GetLastError
RaiseException
GetEnvironmentVariableA
GetModuleHandleA
CreateFileA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryA
InitializeCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
RtlUnwind
HeapAlloc
HeapFree
GetComputerNameA
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FlushFileBuffers
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
IsBadReadPtr
IsBadCodePtr
SetFilePointer
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
CloseHandle
WriteConsoleA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode

user32

OemToCharA
CharToOemA

advapi32

OpenSCManagerA
QueryServiceConfigA
SetNamedSecurityInfoA
LsaOpenPolicy
LookupAccountNameA
LsaClose
LsaEnumerateAccountRights
LsaFreeMemory
GetNamedSecurityInfoA
SetEntriesInAclA
OpenServiceA
CloseServiceHandle
LsaAddAccountRights
QueryServiceStatus
CreateServiceA
DeleteService
StartServiceA
ControlService
LsaNtStatusToWinError

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pass.html
pass_info.html
reg.html
reg_info.html
security.fdb
url_info.html

Sharing

General

Malware Config

Signatures

Files

7d8c16ee511989dba08d838c22062a91

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 8KB

5d6433b899be130725b6fa01352b17bb

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 2KB

87fe953531e8b8d0dca61f883da5770e

Headers

File Characteristics

Imports

msvcr71

kernel32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 844B

.rdata Size: 1024B - Virtual size: 560B

.data Size: 512B - Virtual size: 40B

.reloc Size: 512B - Virtual size: 142B

6e061bb5ece40ba2afb6b44d3da7a714

Headers

File Characteristics

Imports

kernel32

msvcp60

msvcrt

user32

advapi32

mpr

gdi32

shell32

comctl32

ws2_32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 148KB - Virtual size: 147KB

.data Size: 168KB - Virtual size: 201KB

.rsrc Size: 12KB - Virtual size: 10KB

629dbb2f36ecdab351994f0dadc45497

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 1024B - Virtual size: 844B

.rdata
Size: 1024B - Virtual size: 560B

.data
Size: 512B - Virtual size: 40B

.reloc
Size: 512B - Virtual size: 142B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 148KB - Virtual size: 147KB

.data
Size: 168KB - Virtual size: 201KB

.rsrc
Size: 12KB - Virtual size: 10KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 1KB