ef35154f3c5c4f99abe24c45c4dcd44140b0eee8e17d09434498d57900a4129a

Sharing

Copy URL Twitter E-mail

General

Target

ef35154f3c5c4f99abe24c45c4dcd44140b0eee8e17d09434498d57900a4129a
Size

2.2MB
MD5

c1652f88d48bf307d7c68e223483e2d3
SHA1

4106090d940e4f1dde9f621483cc3983463085cd
SHA256

ef35154f3c5c4f99abe24c45c4dcd44140b0eee8e17d09434498d57900a4129a
SHA512

0c9443e86cbc28fdfebb679a6ced3400acf6a466e57627fd8a3cbac1aa3ee4705af03f10d6634b3752eec42dc967ad36a10b4d996951f90807ebc2b2e3f52af7
SSDEEP

49152:LB8hdccE7VqnlBRkIyfIRC+oMd7VIHHlkku3wrMGoJ6RagZzYU:mW6RwgRC+oMdu5loGW6Ragpt

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
ef35154f3c5c4f99abe24c45c4dcd44140b0eee8e17d09434498d57900a4129a
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/sai2.exe
unpack001/uninst.exe

Files

ef35154f3c5c4f99abe24c45c4dcd44140b0eee8e17d09434498d57900a4129a
.exe windows:5 windows x86 arch:x86

3dd17653169450c8408af6adb19cd3e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyExW
RegOpenKeyExW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

OleInitialize
OleUninitialize
CoTaskMemFree
IIDFromString
CoCreateInstance

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

PeekMessageW
DispatchMessageW
wsprintfA
wvsprintfW
SystemParametersInfoW
SetClassLongW
GetWindowLongW
GetSysColor
ScreenToClient
SetCursor
GetWindowRect
TrackPopupMenu
AppendMenuW
EnableMenuItem
CreatePopupMenu
GetSystemMenu
GetSystemMetrics
IsWindowEnabled
GetAsyncKeyState
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsDlgButtonChecked
CheckDlgButton
EndDialog
DialogBoxParamW
IsWindowVisible
SetWindowPos
SetDlgItemTextW
GetClassInfoW
RegisterClassW
CallWindowProcW
GetMessagePos
CharNextW
ExitWindowsEx
SetWindowTextW
SetTimer
CreateDialogParamW
DestroyWindow
LoadImageW
FindWindowExW
SetWindowLongW
InvalidateRect
ReleaseDC
GetDC
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutW
SendMessageW
wsprintfW
FillRect
GetClientRect
EndPaint
BeginPaint
DrawTextW
DefWindowProcW
MessageBoxIndirectW
CharPrevW
CharNextA
CreateWindowExW
GetDlgItemTextW
LoadCursorW

gdi32

GetDeviceCaps
SetBkColor
CreateBrushIndirect
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateFontIndirectW

kernel32

WriteFile
WaitForSingleObject
GetExitCodeProcess
GetTempFileNameW
CreateDirectoryW
WideCharToMultiByte
lstrlenW
lstrcpynW
GlobalLock
GlobalUnlock
CreateThread
GetDiskFreeSpaceW
CopyFileW
GetVersionExW
GetWindowsDirectoryW
ExitProcess
GetCurrentProcess
SetErrorMode
GetTempPathW
CreateProcessW
GetCommandLineW
GetModuleFileNameW
GetTickCount
GetFileSize
CreateFileW
MultiByteToWideChar
MoveFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
lstrcmpiW
lstrcmpW
MulDiv
GlobalFree
GlobalAlloc
LoadLibraryExW
GetModuleHandleW
FreeLibrary
Sleep
GetLastError
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesW
ReadFile
GetShortPathNameW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CompareFileTime
SearchPathW
SetCurrentDirectoryW
ExpandEnvironmentStringsW
RemoveDirectoryW
GetSystemDirectoryW
GetModuleHandleA
MoveFileExW
GetProcAddress
lstrcmpiA
lstrcpyA
lstrcatW
SetEnvironmentVariableW

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 576KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

85f08eb0cbec010ecbc287fa68321173

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
GetPrivateProfileIntW
SetFilePointer
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
GetPrivateProfileStringW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
WriteFile
GlobalAlloc

user32

PtInRect
LoadCursorW
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
MapWindowPoints

gdi32

SetTextColor
CreateCompatibleDC
GetObjectW
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderW
SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
init/blotmap/渗化.bmp
init/blotmap/渗化和杂色.bmp
init/bristle/圆笔.bmp
init/bristle/平笔.bmp
init/bristle/平面.bmp
init/brshape/水彩洇染.bmp
init/brshape/水彩洇染.ini
init/brushtex/图画纸.bmp
init/brushtex/画布.bmp
init/papertex/图画纸.bmp
init/papertex/水彩1.bmp
init/papertex/水彩2.bmp
init/papertex/画布.bmp
init/scatter/星.bmp
init/scatter/星.ini
license.slc
sai-icon.ico
sai2-file.ico
sai2.exe
.exe windows:5 windows x64 arch:x64

ac6a012f0a25bc2e0d8e204a1a7adf29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\MyProjectsVS2010\SYSTEMAX\sai2-branch\bin64\sai2.pdb

Imports

kernel32

SystemTimeToFileTime
FlushFileBuffers
WriteFile
SetFilePointerEx
ReadFile
GetFileSizeEx
DeleteFileW
CreateFileW
Sleep
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
FileTimeToSystemTime
GetFileAttributesW
CompareFileTime
CompareStringW
GetPrivateProfileIntW
ReleaseSemaphore
GlobalAlloc
GlobalFree
LocalAlloc
LocalFree
FileTimeToLocalFileTime
SwitchToThread
CopyFileW
GetPrivateProfileStringW
CreateMutexW
GetLastError
GetProcAddress
CloseHandle
GetDiskFreeSpaceExW
lstrlenA
GetSystemTime
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
HeapReAlloc
GetCurrentProcess
SetPriorityClass
GlobalLock
GlobalUnlock
GetTickCount
GetCurrentThread
SetThreadPriority
GetCurrentThreadId
WaitForSingleObject
HeapSize
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
RtlPcToFileHeader
GetStdHandle
ExitProcess
GetStringTypeW
HeapCreate
WideCharToMultiByte
MultiByteToWideChar
WaitForMultipleObjects
ResetEvent
WriteConsoleW
SetEvent
EnterCriticalSection
LeaveCriticalSection
GetVersion
HeapSetInformation
TerminateProcess
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RtlVirtualUnwind
RtlLookupFunctionEntry
FreeLibrary
SetFilePointer
GetFileSize
FormatMessageW
LoadLibraryW
RaiseException
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
GlobalMemoryStatusEx
RtlCaptureContext
SetThreadAffinityMask
GetProcessAffinityMask
SuspendThread
ResumeThread
CreateEventW
CreateSemaphoreW
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
DeviceIoControl
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetFileTime
SetFileTime
SetEndOfFile
FlushViewOfFile
SetLastError
MoveFileExW
CreateDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetDriveTypeW
GetEnvironmentVariableW
OutputDebugStringW
DebugBreak
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetVersionExW
GetCPInfo
GetSystemInfo
RtlUnwindEx
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoW
VirtualProtect
SetThreadStackGuarantee
ExitThread
CreateThread
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
LCMapStringW
UnhandledExceptionFilter

user32

DrawIconEx
DestroyIcon
LoadCursorW
GetAncestor
ReleaseCapture
WaitMessage
GetMessageW
GetDlgCtrlID
DefWindowProcW
SetWindowLongPtrW
GetSystemMenu
MoveWindow
SystemParametersInfoW
GetWindowRect
AdjustWindowRectEx
CreateWindowExW
GetSystemMetrics
DrawTextW
FillRect
GetWindowLongPtrW
EnableWindow
RegisterClassExW
GetSysColor
RedrawWindow
MapWindowPoints
SetLayeredWindowAttributes
FrameRect
GetClientRect
GetPropW
SetPropW
MonitorFromWindow
CreatePopupMenu
SetMenuInfo
CreateMenu
GetScrollPos
SetScrollInfo
GetScrollRange
SetScrollRange
SetScrollPos
GetMenuItemInfoW
GetMenuItemCount
EnableMenuItem
SetMenuItemInfoW
CheckMenuItem
ClientToScreen
PostThreadMessageW
SetWindowRgn
GetMonitorInfoW
MonitorFromRect
IsZoomed
GetWindowTextW
SetWindowTextW
GetWindowLongW
SetWindowLongW
ScreenToClient
GetWindowThreadProcessId
GetCursorPos
WindowFromPoint
GetDC
EnumChildWindows
SetWindowPlacement
SetParent
GetClassLongPtrW
LoadIconW
SendInput
GetDlgItem
LoadImageW
mouse_event
MessageBoxW
DeferWindowPos
EndDeferWindowPos
BeginDeferWindowPos
SetCaretPos
ShowCaret
CreateCaret
DestroyCaret
HideCaret
CreateIconIndirect
IsChild
GetKeyState
GetNextDlgTabItem
DestroyMenu
GetWindowDC
ReleaseDC
GetWindowPlacement
SetCursor
SetWindowPos
MessageBeep
GetParent
SetActiveWindow
BeginPaint
EndPaint
RegisterClipboardFormatW
SetFocus
ShowWindow
ReplyMessage
SetForegroundWindow
GetMenuInfo
IsIconic
DestroyWindow
PostQuitMessage
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
IsClipboardFormatAvailable
DeleteMenu
AppendMenuW
InsertMenuItemW
GetCapture
GetFocus
SendMessageW
GetAsyncKeyState
SetTimer
KillTimer
PeekMessageW
TranslateMessage
DispatchMessageW
EnumThreadWindows
UpdateWindow
PostMessageW
MsgWaitForMultipleObjects
SetCapture
ScrollWindowEx
IsWindowEnabled
ChildWindowFromPointEx

gdi32

CreateRectRgn
BitBlt
ExtSelectClipRgn
OffsetClipRgn
SelectClipRgn
DeleteDC
DeleteObject
LineTo
MoveToEx
CreatePen
Arc
CreateSolidBrush
SelectObject
GetTextExtentExPointW
CreateDIBSection
CreateCompatibleBitmap
GetCurrentObject
CreateCompatibleDC
SetTextColor
GetDeviceCaps
GetCharacterPlacementW
GetGlyphOutlineW
GetTextExtentPoint32W
ExtTextOutW
GetTextMetricsW
CreateFontIndirectW
CreateRectRgnIndirect
ExtCreateRegion
CombineRgn
GetRegionData
CreateBitmap
CreateDIBitmap
EnumFontFamiliesExW
GetStockObject
RectVisible
SetBkMode
GetObjectW
SetBkColor
SetDIBitsToDevice

comdlg32

GetOpenFileNameW
GetSaveFileNameW

shell32

SHGetPathFromIDListW
CommandLineToArgvW
ord21
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetSettings
SHGetFileInfoW
DragQueryFileW
DragFinish
DragAcceptFiles
SHFileOperationW
SHGetSpecialFolderPathW

ole32

OleDuplicateData
RegisterDragDrop
RevokeDragDrop
CoTaskMemFree
StringFromIID
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemAlloc
DoDragDrop
ReleaseStgMedium

imm32

ImmNotifyIME
ImmGetCompositionStringW
ImmGetContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx

comctl32

ImageList_GetIconSize
ImageList_GetIcon

shlwapi

StrRetToBufW
PathCanonicalizeW
PathIsRelativeW

rpcrt4

UuidCreate

advapi32

EqualSid
RegOpenKeyExW
RegCloseKey
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
FreeSid
RegQueryValueExW
RegCreateKeyExW

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 426KB - Virtual size: 426KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 341KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shared
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.appskin
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.srclibs
Size: 437KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sai2.ini
uninst.exe
.exe windows:5 windows x86 arch:x86

3dd17653169450c8408af6adb19cd3e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyExW
RegOpenKeyExW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

OleInitialize
OleUninitialize
CoTaskMemFree
IIDFromString
CoCreateInstance

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

PeekMessageW
DispatchMessageW
wsprintfA
wvsprintfW
SystemParametersInfoW
SetClassLongW
GetWindowLongW
GetSysColor
ScreenToClient
SetCursor
GetWindowRect
TrackPopupMenu
AppendMenuW
EnableMenuItem
CreatePopupMenu
GetSystemMenu
GetSystemMetrics
IsWindowEnabled
GetAsyncKeyState
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsDlgButtonChecked
CheckDlgButton
EndDialog
DialogBoxParamW
IsWindowVisible
SetWindowPos
SetDlgItemTextW
GetClassInfoW
RegisterClassW
CallWindowProcW
GetMessagePos
CharNextW
ExitWindowsEx
SetWindowTextW
SetTimer
CreateDialogParamW
DestroyWindow
LoadImageW
FindWindowExW
SetWindowLongW
InvalidateRect
ReleaseDC
GetDC
SetForegroundWindow
EnableWindow
GetDlgItem
ShowWindow
IsWindow
PostQuitMessage
SendMessageTimeoutW
SendMessageW
wsprintfW
FillRect
GetClientRect
EndPaint
BeginPaint
DrawTextW
DefWindowProcW
MessageBoxIndirectW
CharPrevW
CharNextA
CreateWindowExW
GetDlgItemTextW
LoadCursorW

gdi32

GetDeviceCaps
SetBkColor
CreateBrushIndirect
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateFontIndirectW

kernel32

WriteFile
WaitForSingleObject
GetExitCodeProcess
GetTempFileNameW
CreateDirectoryW
WideCharToMultiByte
lstrlenW
lstrcpynW
GlobalLock
GlobalUnlock
CreateThread
GetDiskFreeSpaceW
CopyFileW
GetVersionExW
GetWindowsDirectoryW
ExitProcess
GetCurrentProcess
SetErrorMode
GetTempPathW
CreateProcessW
GetCommandLineW
GetModuleFileNameW
GetTickCount
GetFileSize
CreateFileW
MultiByteToWideChar
MoveFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
lstrcmpiW
lstrcmpW
MulDiv
GlobalFree
GlobalAlloc
LoadLibraryExW
GetModuleHandleW
FreeLibrary
Sleep
GetLastError
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesW
ReadFile
GetShortPathNameW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CompareFileTime
SearchPathW
SetCurrentDirectoryW
ExpandEnvironmentStringsW
RemoveDirectoryW
GetSystemDirectoryW
GetModuleHandleA
MoveFileExW
GetProcAddress
lstrcmpiA
lstrcpyA
lstrcatW
SetEnvironmentVariableW

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 576KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3dd17653169450c8408af6adb19cd3e5

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 397KB

.ndata Size: - Virtual size: 576KB

.rsrc Size: 15KB - Virtual size: 14KB

85f08eb0cbec010ecbc287fa68321173

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

ac6a012f0a25bc2e0d8e204a1a7adf29

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

imm32

comctl32

shlwapi

rpcrt4

advapi32

oleaut32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.code Size: 2KB - Virtual size: 2KB

.rdata Size: 426KB - Virtual size: 426KB

.data Size: 341KB - Virtual size: 501KB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 397KB

.ndata
Size: - Virtual size: 576KB

.rsrc
Size: 15KB - Virtual size: 14KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 2.3MB - Virtual size: 2.3MB

.code
Size: 2KB - Virtual size: 2KB

.rdata
Size: 426KB - Virtual size: 426KB

.data
Size: 341KB - Virtual size: 501KB

.pdata
Size: 121KB - Virtual size: 120KB

.shared
Size: 512B - Virtual size: 8B

.tls
Size: 15KB - Virtual size: 14KB

.appskin
Size: 1.6MB - Virtual size: 1.6MB

.srclibs
Size: 437KB - Virtual size: 436KB

text
Size: 7KB - Virtual size: 6KB

data
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 168KB - Virtual size: 167KB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 397KB

.ndata
Size: - Virtual size: 576KB

.rsrc
Size: 15KB - Virtual size: 14KB