a12a6ab1bb4fc5d10d5569a0a0553b86

Sharing

Copy URL Twitter E-mail

General

Target

a12a6ab1bb4fc5d10d5569a0a0553b86
Size

2.6MB
MD5

a12a6ab1bb4fc5d10d5569a0a0553b86
SHA1

2d22262a4ca849bef9e8fd9193bce29f184aeaf5
SHA256

6e1c7e4dd0fcf04f44e8a05af7e7f7c926b2eefdb4a08c8157ba0da0393ad549
SHA512

e32f3e34e4d44cbc90a5d5c310b787050cee8ab9f13e7a7ed8e2a6381410fdf176002485b001c89b7b7326ebbb74b3bbce0f6bbc3f8c415647be269243f7d901
SSDEEP

49152:JWBQSstCCxN0foTroSW3wzpZMsqHIeSWzCA2LiW3lCHx1khjUdRE:JWBsIw0fbSBzpZHqtjCA6lCHjk2fE

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/htmlayout.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/htmlayout.dll	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
a12a6ab1bb4fc5d10d5569a0a0553b86
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/VPatch.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/htmlayout.dll
unpack002/out.upx
unpack001/wdc.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

a12a6ab1bb4fc5d10d5569a0a0553b86
.exe windows:4 windows x86 arch:x86

c9caf6a551586cbac09373525f40c429

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryA
CreateProcessA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
RemoveDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

CheckDlgButton
ScreenToClient
GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
LoadCursorA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SetCursor
GetWindowLongA
GetSysColor
CharNextA
ExitWindowsEx
SetWindowPos
MessageBoxA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumValueA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/4237e0895ee4dfed1a0f49890d21150b.phili.psis
$PLUGINSDIR/75818e69513d8d73394a71b52ddf0307.phili.psis
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

88d8a4a9c21e345682f6b1fac45c4679

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
MultiByteToWideChar
FreeLibrary

user32

wsprintfA

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/VPatch.dll
.dll windows:4 windows x86 arch:x86

308dbf2136b37be830bdd627b8ff3095

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFileTime
WriteFile
GetSystemTimeAsFileTime
ReadFile
SetFilePointer
DeleteFileA
CloseHandle
CreateFileA
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc

Exports

Exports

GetFileCRC32
GetFileMD5
vpatchfile

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/c8f3100b75c18d54caaf73d465b6e0ad.phili.psis
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

15853d16b1b391dba821d9b99cd14939

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
lstrcmpiA
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
lstrcpynA
GetCommandLineA
Sleep
TerminateProcess
lstrcpyA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleA
GetTickCount
GetStartupInfoA
CreatePipe
GetVersionExA
GlobalLock
DeleteFileA
lstrcatA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

FindWindowExA
CharPrevA
OemToCharBuffA
SendMessageA
wsprintfA
CharNextA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 406B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4237e0895ee4dfed1a0f49890d21150b
75818e69513d8d73394a71b52ddf0307
MyriadWebPro-Condensed.ttf
c8f3100b75c18d54caaf73d465b6e0ad
cscroll.css
dir.png
.png
dot.gif
.gif
foot.png
.png
htmlayout.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

HTMLayoutAnimateElement
HTMLayoutAppendMasterCSS
HTMLayoutAttachEventHandler
HTMLayoutAttachEventHandlerEx
HTMLayoutCallBehaviorMethod
HTMLayoutClassNameA
HTMLayoutClassNameW
HTMLayoutClearAttributes
HTMLayoutClipboardCopy
HTMLayoutCloneElement
HTMLayoutCombineURL
HTMLayoutCommitUpdates
HTMLayoutControlGetType
HTMLayoutControlGetValue
HTMLayoutControlSetValue
HTMLayoutCreateElement
HTMLayoutDataReady
HTMLayoutDataReadyAsync
HTMLayoutDeclareElementType
HTMLayoutDeleteElement
HTMLayoutDetachElement
HTMLayoutDetachEventHandler
HTMLayoutDialog
HTMLayoutElementGetExpando
HTMLayoutElementSetExpando
HTMLayoutEnumElementStyles
HTMLayoutEnumResources
HTMLayoutEnumResourcesEx
HTMLayoutEnumerate
HTMLayoutFindElement
HTMLayoutGetAttributeByName
HTMLayoutGetAttributeCount
HTMLayoutGetCharacterRect
HTMLayoutGetChildrenCount
HTMLayoutGetElementByUID
HTMLayoutGetElementHtml
HTMLayoutGetElementHtmlCB
HTMLayoutGetElementHwnd
HTMLayoutGetElementIndex
HTMLayoutGetElementInnerText
HTMLayoutGetElementInnerText16
HTMLayoutGetElementInnerTextCB
HTMLayoutGetElementIntrinsicHeight
HTMLayoutGetElementIntrinsicWidths
HTMLayoutGetElementLocation
HTMLayoutGetElementState
HTMLayoutGetElementText
HTMLayoutGetElementType
HTMLayoutGetElementUID
HTMLayoutGetFocusElement
HTMLayoutGetGraphin
HTMLayoutGetMinHeight
HTMLayoutGetMinWidth
HTMLayoutGetNthAttribute
HTMLayoutGetNthChild
HTMLayoutGetParentElement
HTMLayoutGetRootElement
HTMLayoutGetScrollInfo
HTMLayoutGetSelectedHTML
HTMLayoutGetStyleAttribute
HTMLayoutHidePopup
HTMLayoutHttpRequest
HTMLayoutInit
HTMLayoutInsertElement
HTMLayoutIsElementEnabled
HTMLayoutIsElementVisible
HTMLayoutLoadFile
HTMLayoutLoadHtml
HTMLayoutLoadHtmlEx
HTMLayoutMoveElement
HTMLayoutMoveElementEx
HTMLayoutParseValue
HTMLayoutPostEvent
HTMLayoutProc
HTMLayoutProcND
HTMLayoutProcW
HTMLayoutProcessUIEvent
HTMLayoutRangeAdvancePos
HTMLayoutRangeCreate
HTMLayoutRangeFromPositions
HTMLayoutRangeFromSelection
HTMLayoutRangeInsertHtml
HTMLayoutRangeIsEmpty
HTMLayoutRangeRelease
HTMLayoutRangeReplace
HTMLayoutRangeToHtml
HTMLayoutRender
HTMLayoutRenderElement
HTMLayoutRequestElementData
HTMLayoutScrollToView
HTMLayoutSelectElements
HTMLayoutSelectElementsW
HTMLayoutSelectParent
HTMLayoutSelectParentW
HTMLayoutSelectionExist
HTMLayoutSendEvent
HTMLayoutSetAttributeByName
HTMLayoutSetCSS
HTMLayoutSetCallback
HTMLayoutSetCapture
HTMLayoutSetDataLoader
HTMLayoutSetElementHtml
HTMLayoutSetElementInnerText
HTMLayoutSetElementInnerText16
HTMLayoutSetElementState
HTMLayoutSetEventRoot
HTMLayoutSetHttpHeaders
HTMLayoutSetMasterCSS
HTMLayoutSetMediaType
HTMLayoutSetMode
HTMLayoutSetOption
HTMLayoutSetScrollPos
HTMLayoutSetStyleAttribute
HTMLayoutSetTimer
HTMLayoutSetTimerEx
HTMLayoutSetupDebugOutput
HTMLayoutShowPopup
HTMLayoutShowPopupAt
HTMLayoutSortElements
HTMLayoutSwapElements
HTMLayoutTrackPopupAt
HTMLayoutTranslateMessage
HTMLayoutTraverseUIEvent
HTMLayoutUpdateElement
HTMLayoutUpdateElementEx
HTMLayoutUpdateWindow
HTMLayoutUrlEscape
HTMLayoutUrlUnescape
HTMLayoutVisitElements
HTMLayoutWindowAttachEventHandler
HTMLayoutWindowDetachEventHandler
HTMLayout_UnuseElement
HTMLayout_UseElement
HTMLiteAdvanceFocus
HTMLiteAttachEventHandler
HTMLiteCreateInstance
HTMLiteDestroyInstance
HTMLiteDetachEventHandler
HTMLiteFindElement
HTMLiteGetDocumentMinHeight
HTMLiteGetDocumentMinWidth
HTMLiteGetElementByUID
HTMLiteGetElementHTMLITE
HTMLiteGetFocusElement
HTMLiteGetNextFocusable
HTMLiteGetRootElement
HTMLiteGetTag
HTMLiteLoadHtmlFromFile
HTMLiteLoadHtmlFromMemory
HTMLiteMeasure
HTMLiteRender
HTMLiteRenderEx
HTMLiteRenderOnBitmap
HTMLiteSetCallback
HTMLiteSetDataReady
HTMLiteSetDataReadyAsync
HTMLiteSetMediaType
HTMLiteSetTag
HTMLiteTraverseUIEvent
HTMLiteUpdateView
HTMPrintCreateInstance
HTMPrintDestroyInstance
HTMPrintGetDocumentHeight
HTMPrintGetDocumentMinWidth
HTMPrintGetRootElement
HTMPrintGetTag
HTMPrintLoadHtmlFromFile
HTMPrintLoadHtmlFromFileW
HTMPrintLoadHtmlFromMemory
HTMPrintMeasure
HTMPrintRender
HTMPrintSetCallback
HTMPrintSetDataReady
HTMPrintSetHyperlinkAreaCallback
HTMPrintSetLoadDataCallback
HTMPrintSetMediaType
HTMPrintSetNextPageCallback
HTMPrintSetTag
ValueBinaryData
ValueBinaryDataSet
ValueClear
ValueCompare
ValueCopy
ValueElementsCount
ValueEnumElements
ValueFloatData
ValueFloatDataSet
ValueFromString
ValueGetValueOfKey
ValueInit
ValueInt64Data
ValueInt64DataSet
ValueIntData
ValueIntDataSet
ValueInvoke
ValueIsolate
ValueNthElementKey
ValueNthElementValue
ValueNthElementValueSet
ValueSetValueToKey
ValueStringData
ValueStringDataSet
ValueToString
ValueType
_HTMLayoutSetMediaVars@8

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 907KB - Virtual size: 908KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
logo.png
.png
logo2.png
.png
logo2m.png
.png
mss.css
run.bat
sb-h-scroll-next.png
.png
sb-h-scroll-prev.png
.png
sb-scroll-back.png
.png
sb-scroll-base.png
.png
sb-scroll-slider.png
.png
sb-v-scroll-next.png
.png
sb-v-scroll-prev.png
.png
sert.cer
wdc.exe
.exe windows:5 windows x86 arch:x86

a6e4db6d0301308509a7f5737a79f454

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cmd.pdb

Imports

msvcrt

__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
_cexit
_XcptFilter
_exit
_c_exit
calloc
_wcslwr
qsort
_vsnwprintf
wcsstr
_dup2
_dup
_open_osfhandle
_close
swscanf
_ultoa
_pipe
_seh_longjmp_unwind
_setmode
wcsncmp
iswxdigit
fflush
exit
_wtol
time
srand
__set_app_type
wcsrchr
malloc
free
wcstoul
_errno
iswalpha
printf
rand
swprintf
_iob
fprintf
towlower
realloc
setlocale
_snwprintf
wcscat
_wcsupr
wcsncpy
_wpopen
fgets
_pclose
memmove
wcschr
iswspace
_tell
longjmp
wcscmp
_wcsnicmp
_wcsicmp
wcstol
iswdigit
_getch
_get_osfhandle
_controlfp
_setjmp3
_except_handler3
wcscpy
wcslen
wcsspn
towupper

kernel32

FlushConsoleInputBuffer
LoadLibraryA
InterlockedExchange
FreeLibrary
LocalAlloc
GetVDMCurrentDirectories
CmdBatNotification
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetThreadLocale
GetDiskFreeSpaceExW
CompareFileTime
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
CopyFileW
SetFileAttributesW
DeleteFileW
SetFileTime
CreateDirectoryW
FillConsoleOutputAttribute
SetConsoleTextAttribute
ScrollConsoleScreenBufferW
FormatMessageW
DuplicateHandle
FlushFileBuffers
HeapReAlloc
HeapSize
GetFileAttributesExW
LocalFree
GetDriveTypeW
InitializeCriticalSection
SetConsoleCtrlHandler
GetWindowsDirectoryW
GetConsoleTitleW
GetModuleFileNameW
GetVersion
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsW
SearchPathW
WriteFile
GetVolumeInformationW
SetLastError
MoveFileW
SetConsoleTitleW
MoveFileExW
GetBinaryTypeW
GetFileAttributesW
GetCurrentThreadId
CreateProcessW
LoadLibraryW
ReadProcessMemory
SetErrorMode
GetConsoleMode
SetConsoleMode
VirtualAlloc
VirtualFree
SetEnvironmentVariableW
GetEnvironmentVariableW
GetCommandLineW
GetEnvironmentStringsW
GetLocalTime
GetTimeFormatW
FileTimeToLocalFileTime
GetDateFormatW
GetLastError
CloseHandle
SetThreadLocale
GetProcAddress
GetModuleHandleW
SetFilePointer
lstrcmpW
lstrcmpiW
HeapAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
ReadFile
WriteConsoleW
FillConsoleOutputCharacterW
SetConsoleCursorPosition
ReadConsoleW
GetConsoleScreenBufferInfo
GetStdHandle
GetFileType
VirtualQuery
RaiseException
GetCPInfo
GetConsoleOutputCP
WideCharToMultiByte
GetFileSize
CreateFileW
FindClose
FindNextFileW
FindFirstFileW
GetFullPathNameW
GetUserDefaultLCID
GetLocaleInfoW
SetLocalTime
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime

user32

GetUserObjectInformationW
GetThreadDesktop
MessageBeep
GetProcessWindowStation

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
winzipninfo
.html
xrul.css
 xrul.css

Sharing

General

Malware Config

Signatures

Files

c9caf6a551586cbac09373525f40c429

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 16KB - Virtual size: 16KB

88d8a4a9c21e345682f6b1fac45c4679

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 1024B - Virtual size: 816B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 516B

308dbf2136b37be830bdd627b8ff3095

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 1024B - Virtual size: 756B

.data Size: - Virtual size: 37KB

.reloc Size: 512B - Virtual size: 322B

15853d16b1b391dba821d9b99cd14939

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 406B

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 1.5MB

UPX1 Size: 907KB - Virtual size: 908KB

.rsrc Size: 11KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 352KB - Virtual size: 351KB

.data Size: 104KB - Virtual size: 117KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 816B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 516B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1024B - Virtual size: 756B

.data
Size: - Virtual size: 37KB

.reloc
Size: 512B - Virtual size: 322B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 406B

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 907KB - Virtual size: 908KB

.rsrc
Size: 11KB - Virtual size: 12KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 352KB - Virtual size: 351KB

.data
Size: 104KB - Virtual size: 117KB

.rsrc
Size: 60KB - Virtual size: 59KB

.reloc
Size: 108KB - Virtual size: 104KB

.text
Size: 125KB - Virtual size: 125KB

.data
Size: 114KB - Virtual size: 114KB

.rsrc
Size: 145KB - Virtual size: 145KB