a3b19a4770e2c5c1173d0307e208e6cd

Sharing

Copy URL Twitter E-mail

General

Target

a3b19a4770e2c5c1173d0307e208e6cd
Size

8.7MB
MD5

a3b19a4770e2c5c1173d0307e208e6cd
SHA1

cf472a227357c554b5afdbc03473c25d784c92c6
SHA256

35531da90596379fbd0be46e8ad39841be5e845a034a9358942c640222b68cee
SHA512

9adab9ec3fa9fa5088dfb1d6782815eacc9ce86dd7a0f34b493e97688c6164fa47acdbd9dface25faa69ac16a3c9d64627985ba68cbcf5d3ca76bac7db45bd4f
SSDEEP

196608:HwbuyHLxXDkC87Mf7XQr7598ARK6LR2tCDtYe0pfLFPdE:Q/LxXIC3XQfvj2tmY9tdC

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
a3b19a4770e2c5c1173d0307e208e6cd
unpack001/$PLUGINSDIR/KwfOqDaTdUE.dll
unpack001/$PLUGINSDIR/UjEJOTqnEfM.dll
unpack001/$PLUGINSDIR/bwLSJisGJjd.dll
unpack001/$PLUGINSDIR/nsExec.dll

Files

a3b19a4770e2c5c1173d0307e208e6cd
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 31.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KwfOqDaTdUE.dll
.dll windows:5 windows x86 arch:x86

e09acc920cdf0de72cbf9d59a4cf3cca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
FindFirstFileA
FindNextFileA
FindClose
CreateMutexA
WaitForSingleObject
ReleaseMutex
CreateSemaphoreA
ReleaseSemaphore
CreateFileA
GetSystemInfo
GetFileSizeEx
FormatMessageA
LocalFree
GetFileAttributesA
CreateDirectoryA
RemoveDirectoryA
SetEndOfFile
SetFilePointerEx
WriteFile
GetModuleHandleA
GlobalAlloc
GlobalFree
lstrcpynW
lstrcpyW
MultiByteToWideChar
GetCurrentProcess
SetLastError
SwitchToThread
GetTickCount
Sleep
GetCommandLineW
GetCommandLineA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
SetStdHandle
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
CreateThread
WaitForSingleObjectEx
GetACP
ReadConsoleW
GetProcessTimes
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadLibraryW
LoadLibraryA
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
ExitProcess
QueryPerformanceFrequency
WriteConsoleW
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameW
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
DeleteFileW
CreateFileW
RemoveDirectoryW
CreateDirectoryW
DeviceIoControl
MoveFileW
GetLongPathNameW
GetShortPathNameW
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
SetFileTime
GetFileTime
FlushFileBuffers
IsDBCSLeadByte
SetFileAttributesW
CompareStringA
DecodePointer
FreeLibrary
GetConsoleMode
GetStdHandle
GetFileType
SetConsoleCtrlHandler
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
HeapAlloc
HeapDestroy
GetProcAddress
LockResource
ReadFile

user32

ToAsciiEx
CharUpperW
CharLowerA
CharUpperA
OemToCharBuffA
TranslateAcceleratorW
SendDlgItemMessageA
ValidateRect
BroadcastSystemMessage
ShowCursor
SwitchDesktop
CharLowerW
OemToCharA
CharToOemBuffW
FreeDDElParam
GetWindowLongW
SendDlgItemMessageW
wsprintfW
DlgDirListW

ole32

StgSetTimes
OleCreateLinkToFile
OleCreateLinkFromData
OleCreateMenuDescriptor
StgOpenAsyncDocfileOnIFillLockBytes
WriteClassStg
StgOpenStorageOnILockBytes
GetConvertStg
CoLoadLibrary
OleSaveToStream
OleGetClipboard
OleConvertOLESTREAMToIStorageEx

comdlg32

PageSetupDlgW
FindTextW
GetFileTitleA
GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW
ChooseColorA
PageSetupDlgA
GetFileTitleW

advapi32

SystemFunction036
SetFileSecurityW
AdjustTokenPrivileges
OpenProcessToken
CryptAcquireContextW
ReadEventLogA
CloseEventLog
OpenEventLogA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupPrivilegeValueW

psapi

GetModuleInformation
GetMappedFileNameW
EnumDeviceDrivers
GetDeviceDriverFileNameW
GetProcessImageFileNameA
GetDeviceDriverBaseNameA
GetModuleFileNameExW
QueryWorkingSet
GetProcessImageFileNameW
EmptyWorkingSet
GetModuleFileNameExA
GetDeviceDriverBaseNameW
GetWsChanges

oledlg

OleUIChangeSourceW
OleUIUpdateLinksW
OleUIEditLinksW
ord11
ord8
ord3

version

VerInstallFileW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VerInstallFileA
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
VerFindFileW
VerFindFileA

resutils

ResUtilGetSzValue
ResUtilFindExpandedSzProperty
ResUtilGetPrivateProperties
ResUtilEnumProperties
ResUtilVerifyPrivatePropertyList
ResUtilGetResourceDependencyByClass
ResUtilGetAllProperties
ResUtilGetResourceNameDependency
ClusWorkerTerminate
ResUtilFindSzProperty
ResUtilIsResourceClassEqual
ResUtilGetPropertySize
ResUtilSetPropertyTableEx

oleacc

GetRoleTextW
AccessibleObjectFromPoint
GetStateTextW
LresultFromObject
WindowFromAccessibleObject
GetOleaccVersionInfo
CreateStdAccessibleProxyA
CreateStdAccessibleObject
CreateStdAccessibleProxyW
AccessibleObjectFromEvent
AccessibleChildren

pdh

PdhOpenLogA
PdhSetCounterScaleFactor
PdhSelectDataSourceW
PdhBrowseCountersW
PdhSetQueryTimeRange
PdhVbOpenQuery
PdhEnumMachinesA
PdhOpenQueryA
PdhLookupPerfNameByIndexW
PdhEnumObjectsW
PdhParseCounterPathW
PdhVbGetOneCounterPath
PdhRemoveCounter

imagehlp

SetImageConfigInformation
ImageAddCertificate
MapFileAndCheckSumW
BindImageEx
MakeSureDirectoryPathExists

imm32

ImmIsIME
ImmConfigureIMEA
ImmConfigureIMEW
ImmRegisterWordW

Exports

Exports

AANbQByNRMS
CwzqroGzsIQHL
FBapolURQVIcDOFZ
GdmZVq
IKEwkUk
ITUWnM
JRgkdyxKnAncF
KVHyjd
LvOLoWbjCcoqjiR
MIyZzOF
MOQNblDgmeuTrQ
OsdlkgyyvrnWvJgxmGN
QJyjpCFCtTIFzoD
SSKenroAFgPdSPkc
SYqpKrUmbXrjuIehuiM
UDdsLXTYusKwXwPbhhQ
UGAFUiEixPGQj
VZUOTiCtxfwOqqNMM
XQutymJS
Xizkl
YZiJwcmp
YerCVbmFJeTQtZqSZb
bLQrqrzlFWObfxjkT
cGuACSy
cpBYKBqoEsRYZuyiHVcb
dtzrYQFueFocpgSLrFdM
fGvphwwOYgkUQXNLrTRU
fPhcFmuId
gJKZVYDAzIiguAom
gylJf
iXFvJhOovwZw
iiibwCBPPvkvPFQz
iswjGEfIlKHql
kEdLKAAqMWnr
kKkaBGyWmLKjoMYbJ
khBqa
mIs
nQqsWdatHVoUv
pVkfhmPvblLPlwUIC
pgYsWhZzODcGtetmYSn
uUgnldYexpGFpaNiRT
wHjrgeIlJwiafK
zEDahUlfsoHVvpQhPhd

Sections

.text
Size: 792KB - Virtual size: 792KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UjEJOTqnEfM.dll
.dll windows:5 windows x86 arch:x86

2bbdb1fc582ce7d015417a8a769b3285

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
GetProcAddress
LoadLibraryA
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
MultiByteToWideChar
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetModuleFileNameW
WriteFile
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetLastError
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
LCMapStringW
GetCommandLineA
GetCurrentThreadId
RtlUnwind
CloseHandle
LoadLibraryW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetLastError
FlushFileBuffers
RaiseException
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer

user32

wsprintfW

ole32

CoRevokeClassObject
OleCreateEmbeddingHelper
OleGetAutoConvert
GetClassFile
OleConvertIStorageToOLESTREAM
MonikerRelativePathTo
CoDosDateTimeToFileTime
CoGetTreatAsClass

psapi

GetModuleBaseNameW
GetMappedFileNameW
GetProcessMemoryInfo
GetModuleBaseNameA
EnumDeviceDrivers
QueryWorkingSet
GetPerformanceInfo
EnumProcessModules
GetModuleFileNameExA
GetModuleInformation
InitializeProcessForWsWatch
GetProcessImageFileNameA
EnumPageFilesW
GetDeviceDriverFileNameW

winhttp

WinHttpQueryAuthSchemes
WinHttpTimeFromSystemTime
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpOpenRequest
WinHttpTimeToSystemTime
WinHttpSetStatusCallback

resutils

ResUtilGetCoreClusterResources
ResUtilSetBinaryValue
ResUtilVerifyPropertyTable
ResUtilGetResourceNameDependency
ResUtilGetBinaryProperty
ResUtilVerifyService
ResUtilGetPropertiesToParameterBlock
ResUtilGetResourceDependentIPAddressProps
ResUtilFindExpandedSzProperty

secur32

GetSecurityUserInfo
LsaLookupAuthenticationPackage
ImpersonateSecurityContext
EnumerateSecurityPackagesA
AcquireCredentialsHandleA
AcquireCredentialsHandleW
AddSecurityPackageA
ImportSecurityContextA
InitSecurityInterfaceA
TranslateNameA
QuerySecurityPackageInfoW
CompleteAuthToken
LsaRegisterLogonProcess
QueryContextAttributesW

dsprop

ADsPropSetHwnd
ADsPropSetHwndWithTitle
ADsPropShowErrorDialog

Exports

Exports

AwhxgIzaioIseYiOTqL
Cavlr
DRvitPIdEBeNuAStYGCK
EaszIOvAtcCiZgCDfE
EghaoWpyxwNP
FHoDsaHCMpD
FbgwYkv
GHRqVqQYEuQXZBgMy
GKLZcOihirOpmo
GTwxbDXghMaPWwcl
JKXsWGMB
JarYjFmetqNcUUIC
JimiXjH
KhzHcCACd
KlZTlWnXufFVigzDOH
LSvuRqasPTLBLbm
OAOpIVywZpyG
OcXijbQ
QiuPnqGpLR
RUoKzjykJlrN
SSHblMurgIF
SnnNOjnrCoCuAEURHJp
TZbImRCGAOWbZKckYKBI
ULQYIMnGcAWvXe
VZtenQrhocArQyuE
VidKFGQ
ZLaesIRkNGUEfaqHlP
ZdTNsiKiGJGO
aQaCxWaYxnmWrSiVtv
amsaryo
bCHzDfEEUsBfZ
cUfiDlXjarf
eNBhZAPWCCWu
fIsYcvuKonwFk
god
iLaaPRCMsbTehWkHvZ
keVHd
lduvMgsTAmdfplqBNUf
nFlFwcLyPoPQ
pCCIYKufmXJY
qXONwGpXQcfRMEP
qiEIvjjfKjD
tTDqYHtBVAxIMpdslh
uDXVMahrtB
vaOouRMFhlxNJm
wXBmVb
wgWiUOR
wkJLiL
xhPwLvFBjpKWE
ydiXtQrVlhRpgOozWC

Sections

.text
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/bwLSJisGJjd.dll
.dll windows:5 windows x86 arch:x86

8efa61c22c09ab4eb25a9f1264e2ef68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenEventW
HeapSize
IsValidCodePage
GetLastError
GetProfileIntA
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
FindAtomW
GetProcessHeap
GlobalFindAtomA
InitializeSListHead
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
IsSystemResumeAutomatic
GetConsoleAliasExesA
GetCommandLineA
OpenWaitableTimerA
GetFileType
lstrcpynW
MultiByteToWideChar
GlobalFree
WideCharToMultiByte
HeapFree
GetBinaryTypeW
EncodePointer
WriteConsoleW
CloseHandle
GetPrivateProfileIntW
GetPrivateProfileStructW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
SizeofResource
FoldStringA
FindFirstFileA
VerifyVersionInfoA
FindFirstFileExA
GetProcessId
OpenSemaphoreA
LoadLibraryA
LockResource
GetNativeSystemInfo
FindResourceExW
LoadResource
FindResourceW
GetProcAddress
IsProcessorFeaturePresent
WinExec
InterlockedIncrement
GetConsoleAliasExesLengthA
ReadFile
OpenEventA
GetThreadPriorityBoost
GetProcessShutdownParameters
GetSystemDefaultLCID
GetSystemTimeAdjustment
GetCPInfo
GetUserDefaultUILanguage
SetFilePointer
CreateFileW
GetModuleHandleA
GetExitCodeThread
LocalFileTimeToFileTime
OpenSemaphoreW
GetFileSize
OpenFileMappingA
GetSystemTimeAsFileTime
LoadLibraryW
FreeLibrary
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
InterlockedFlushSList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetACP
LCMapStringW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetCommandLineW
GetStringTypeW
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx

user32

CreateWindowStationW
DeferWindowPos
CreateIconFromResourceEx
CheckDlgButton
CheckMenuItem
DefWindowProcA
GetDCEx
CallMsgFilterA
DestroyCursor
ChangeMenuW

gdi32

CreateCompatibleBitmap

advapi32

SystemFunction036

d3d9

Direct3DCreate9

Exports

Exports

CIosMvDSVkSiymWzt
DOdxGpySpFmYX
FIdCONsGuUAXUEUwlW
GcqPuw
HeHvZ
HjlmfhQhdKDkwoYQJWyk
IOcgnptFOAwrX
ImjcjvztajPVVz
JgwmrUlOkmYO
PDKlleLknsqHsCILHyyx
PkONTXSJBOInrKlE
QqeOSPqJbdlxS
ShaoIHMAk
VHZNIXRrGhRTxDroOb
VLxwUQlkvkNHJcNkHG
VZZdOQGMxjHTeFSKZ
VafkmsIUMr
WUKmJlmTifiZ
YwtIovEHBqOzH
ZPswUldGMeYAjbF
cvDjgCCjEzYgxst
dXFdIfCknewzCuR
eOIpcSui
fjSfvntbFExg
hNjkTr
hfeIh
hmtpRuUoZwfOOAMp
owCOsZi
tFOXVLw
tuDjUcjMoQKh
uKkXAkoCHyGYYsmDlH
xAaRuFViGHjLrziOiTMd
zsZwHykBPi

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/hWi.gif
.gif
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 458KB

.ndata Size: - Virtual size: 1.4MB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 4KB - Virtual size: 31.7MB

e09acc920cdf0de72cbf9d59a4cf3cca

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

comdlg32

advapi32

psapi

oledlg

version

resutils

oleacc

pdh

imagehlp

imm32

Exports

Exports

Sections

.text Size: 792KB - Virtual size: 792KB

.rdata Size: 179KB - Virtual size: 179KB

.data Size: 22KB - Virtual size: 72KB

.gfids Size: 1024B - Virtual size: 556B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 48KB - Virtual size: 47KB

2bbdb1fc582ce7d015417a8a769b3285

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

psapi

winhttp

resutils

secur32

dsprop

Exports

Exports

Sections

.text Size: 373KB - Virtual size: 373KB

.rdata Size: 79KB - Virtual size: 79KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 33KB - Virtual size: 32KB

8efa61c22c09ab4eb25a9f1264e2ef68

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 458KB

.ndata
Size: - Virtual size: 1.4MB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 4KB - Virtual size: 31.7MB

.text
Size: 792KB - Virtual size: 792KB

.rdata
Size: 179KB - Virtual size: 179KB

.data
Size: 22KB - Virtual size: 72KB

.gfids
Size: 1024B - Virtual size: 556B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 48KB - Virtual size: 47KB

.text
Size: 373KB - Virtual size: 373KB

.rdata
Size: 79KB - Virtual size: 79KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 33KB - Virtual size: 32KB

.text
Size: 139KB - Virtual size: 138KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 3KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 276B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 10KB - Virtual size: 9KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 454B