809e21f12073f6fa27247f6158df6644[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

809e21f12073f6fa27247f6158df6644.bin
Size

13.2MB
MD5

809e21f12073f6fa27247f6158df6644
SHA1

683281674ffd8e8f3c2425ee223e6505f6103ac2
SHA256

1600c099e29641f4805310781d3b065cfa836bf44b5b0cc465b607d553a5d61a
SHA512

e83da26065080343c53b663e4ab5fd6a3eddd35fbedf3fec6e49d898037cf2655ed56284be4b4fdd3cb5762d41082bf0ad9a43589ab849797056ab7dd66e1efa
SSDEEP

196608:FotNBrfdHTloev2BgytkcuXZ0CJKopwFzfS0+hp5cjSWw9XUZmpXUII3s3d6X1cz:FotNBZHTl32BPtH8vwI0+LjUKKSz

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Xpand - Copy/Library/Xpand.exe
unpack001/Xpand - Copy/Plugins/Xpand!2.dll
unpack001/Xpand - Copy/Plugins/Xpand!2_x64.dll

Files

809e21f12073f6fa27247f6158df6644.bin
.zip

Password: infected
Xpand - Copy/Library/Xpand.exe
.exe windows:1 windows x86 arch:x86

Password: infected

103bad249b360125529cae039d4dac04

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetCurrentDirectoryA
lstrlenA

shlwapi

SHSetValueA
UrlCreateFromPathA

user32

MessageBoxTimeoutA

Sections

.code
Size: 512B - Virtual size: 165B

IMAGE_SCN_MEM_EXECUTE

.data
Size: 1024B - Virtual size: 524B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 302B

IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_MEM_READ
Xpand - Copy/Plugins/Xpand!2.dll
.dll windows:4 windows x86 arch:x86

Password: infected

3bacae927fc12054421c9a4c78123175

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
GetStdHandle
PeekNamedPipe
GetOverlappedResult
InterlockedExchangeAdd
TryEnterCriticalSection
GlobalAlloc
FindClose
GlobalUnlock
GlobalLock
GlobalSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
InterlockedCompareExchange
InterlockedExchange
OutputDebugStringA
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
FindFirstFileExW
FindNextFileW
GetUserDefaultUILanguage
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
GetFileAttributesExW
DeviceIoControl
GetTempPathW
GetFullPathNameW
DeleteFileW
MoveFileW
CopyFileW
GetCurrentDirectoryW
GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GetFileInformationByHandle
FindFirstFileW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
DuplicateHandle
CreateThread
WaitForMultipleObjects
TlsGetValue
ResumeThread
TlsSetValue
SetThreadPriority
TerminateThread
TlsAlloc
Sleep
SwitchToThread
TlsFree
ResetEvent
GetCurrentThread
GetThreadPriority
SetEvent
CreateEventW
UnmapViewOfFile
CreateFileMappingW
GetSystemInfo
MapViewOfFile
GetLogicalDrives
SetEndOfFile
CreateFileW
SetFilePointer
WriteFile
ReadFile
SetFilePointerEx
GetDriveTypeA
GetFileType
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
GetCurrentThreadId
GetLocalTime
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
GetSystemDirectoryW
GetVersionExW
FormatMessageW
LocalFree
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
GetCurrentProcessId
GetUserDefaultLCID
CompareStringW
GetDriveTypeW
lstrlenA
ExitProcess
lstrcmpW
CreateProcessW
CloseHandle
ExpandEnvironmentStringsW
IsValidLanguageGroup
IsValidLocale
GetLongPathNameW
GetUserDefaultLangID
GetLocaleInfoW
GetLastError
SetErrorMode
GetProcAddress
GetModuleHandleW
GetStartupInfoW
GetVolumeInformationW

user32

CharNextExA
SetClipboardViewer
ChangeClipboardChain
GetClipboardFormatNameW
LoadIconW
GetMenu
GetKeyboardState
SetMenuItemInfoW
TrackPopupMenuEx
MapVirtualKeyW
ToAscii
ToUnicode
GetKeyboardLayout
DestroyCaret
SetCaretPos
CreateCaret
HideCaret
TranslateMessage
GetKeyboardLayoutList
RegisterWindowMessageW
GetAsyncKeyState
RegisterClipboardFormatW
CreateCursor
SetCursorPos
DestroyCursor
GetIconInfo
DrawIconEx
CreateIconIndirect
GetClassInfoW
LoadImageW
RegisterClassExW
GetCursorPos
DefWindowProcW
GetWindowRgn
ClipCursor
GetUpdateRect
InvalidateRgn
BeginPaint
EndPaint
GetAncestor
GetSysColor
GetDoubleClickTime
SetDoubleClickTime
SetCaretBlinkTime
PeekMessageW
PostMessageW
GetKeyState
GetCaretBlinkTime
FlashWindowEx
MessageBeep
WindowFromPoint
CharLowerW
CharLowerA
EnumWindows
PostThreadMessageW
GetWindowThreadProcessId
SetTimer
KillTimer
GetQueueStatus
SendMessageA
RegisterClassW
DispatchMessageW
MsgWaitForMultipleObjectsEx
RegisterWindowMessageA
UnregisterClassW
GetClassNameW
GetParent
SystemParametersInfoW
GetDesktopWindow
CreateWindowExW
GetSystemMenu
EnableMenuItem
SetParent
ValidateRgn
GetClientRect
GetWindowPlacement
SetWindowPlacement
GetWindowRect
IsWindowVisible
IsIconic
IsZoomed
MoveWindow
InvalidateRect
ShowWindow
ScreenToClient
ClientToScreen
DestroyWindow
SetCursor
SetWindowsHookExW
SetCapture
GetSystemMetrics
SendMessageW
SetWindowTextW
SetWindowRgn
ScrollWindowEx
UpdateWindow
SetWindowPos
SetForegroundWindow
ReleaseCapture
UnhookWindowsHookEx
AdjustWindowRectEx
DestroyIcon
CallNextHookEx
ReleaseDC
GetDC
GetWindowLongW
SetWindowLongW
GetActiveWindow
IsChild
GetFocus
SetFocus
GetSysColorBrush

shell32

SHGetFolderPathA
SHGetFileInfoW
ShellExecuteW

comdlg32

GetSaveFileNameW

advapi32

RegQueryValueExW
FreeSid
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
RegCreateKeyExW
RegFlushKey
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW

ws2_32

WSAAsyncSelect

msvcp80

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?uncaught_exception@std@@YA_NXZ
?allocate@?$allocator@D@std@@QAEPADI@Z
?construct@?$allocator@D@std@@QAEXPADABD@Z
?destroy@?$allocator@D@std@@QAEXPAD@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V32@0@Z

msvcr80

_ftelli64
memchr
getenv
sscanf
fflush
sprintf
exit
wcsrchr
_close
strcpy_s
strstr
isspace
isdigit
__CxxLongjmpUnwind
_setjmp3
longjmp
_CIlog
toupper
_CIacos
_lseeki64
??0exception@std@@QAE@ABQBDH@Z
sscanf_s
_CIpow
_CIatan2
_flushall
_CItan
_CIatan
__iob_func
fprintf
floor
_CIcos
_CIsin
_CIsqrt
_strnicmp
strtok
_environ
srand
rand
getenv_s
_get_tzname
_tzset
_wgetenv
printf
_mktime64
_localtime64_s
_gmtime64_s
_errno
_read
_fseeki64
feof
fgets
_write
_get_osfhandle
_fileno
_open_osfhandle
_CIasin
_endthreadex
_beginthreadex
_wchmod
_waccess
isupper
isalpha
_control87
strncat
_clearfp
_wassert
strerror
tolower
_snprintf
vsprintf
strncpy
_vsnprintf
strtod
strtol
vfprintf
atoi
_stricmp
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
__clean_type_info_names_internal
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
_except_handler4_common
_vsnprintf_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_wcsicmp
_wcsnicmp
_CIfmod
calloc
ftell
fopen
fseek
??_V@YAXPAX@Z
fread
fclose
??2@YAPAXI@Z
??3@YAXPAX@Z
fwrite
memmove
__RTDynamicCast
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_purecall
memmove_s
strncmp
memcpy
__CxxFrameHandler3
_CxxThrowException
ceil
strchr
malloc
free
realloc
memset

gdi32

ExtTextOutW
SetTextAlign
SetBkMode
SetTextColor
GetGlyphOutlineW
SetWorldTransform
SetGraphicsMode
GetTextExtentPoint32W
GetCharABCWidthsFloatW
GetCharABCWidthsI
GetCharABCWidthsW
GetDIBits
CreateDIBSection
GetOutlineTextMetricsW
DeleteDC
CreateCompatibleDC
EnumFontFamiliesExW
GetTextMetricsW
GetTextFaceW
CreateFontIndirectW
BitBlt
CreateCompatibleBitmap
GetPaletteEntries
CreatePalette
GdiFlush
SelectObject
GetFontData
PtInRegion
SelectPalette
RealizePalette
GetStockObject
GetObjectW
CreateEllipticRgn
CreateRectRgn
GetRegionData
CombineRgn
OffsetRgn
DeleteObject
CreateBitmap
GetDeviceCaps
SelectClipRgn

ole32

DoDragDrop
OleUninitialize
OleInitialize
CoCreateGuid
StringFromGUID2
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoTaskMemFree
CoCreateInstance
CoGetMalloc
OleGetClipboard
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoInitialize
CoUninitialize
ReleaseStgMedium

imm32

ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmSetCompositionFontW

Exports

Exports

ExitDll
GetPluginFactory
InitDll
VSTPluginMain
main

Sections

.text
Size: 2.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 621KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oldrel
Size: 464KB - Virtual size: 462KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.utopia
Size: 204KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.auPack
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Xpand - Copy/Plugins/Xpand!2_x64.dll
.dll windows:4 windows x64 arch:x64

Password: infected

1f7c2ed1eca0126b03b0bd0fad228dea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
GetStdHandle
PeekNamedPipe
GetOverlappedResult
TryEnterCriticalSection
FindClose
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalSize
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
OutputDebugStringA
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
FindFirstFileExW
FindNextFileW
GetUserDefaultUILanguage
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
GetFileAttributesExW
DeviceIoControl
GetTempPathW
GetFullPathNameW
DeleteFileW
MoveFileW
CopyFileW
GetCurrentDirectoryW
GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GetFileInformationByHandle
FindFirstFileW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentProcess
DuplicateHandle
CreateThread
WaitForMultipleObjects
TlsGetValue
ResumeThread
TlsSetValue
SetThreadPriority
TerminateThread
TlsAlloc
Sleep
SwitchToThread
TlsFree
ResetEvent
GetCurrentThread
GetThreadPriority
SetEvent
CreateEventW
UnmapViewOfFile
CreateFileMappingW
GetSystemInfo
MapViewOfFile
GetLogicalDrives
SetEndOfFile
CreateFileW
SetFilePointer
WriteFile
ReadFile
SetFilePointerEx
GetDriveTypeA
GetFileType
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
GetCurrentThreadId
GetLocalTime
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
GetSystemDirectoryW
GetVersionExW
FormatMessageW
LocalFree
CreateSemaphoreW
WaitForSingleObject
ReleaseSemaphore
GetCurrentProcessId
GetUserDefaultLCID
CompareStringW
GetDriveTypeW
lstrlenA
ExitProcess
CreateProcessW
CloseHandle
ExpandEnvironmentStringsW
IsValidLanguageGroup
IsValidLocale
GetLongPathNameW
GetUserDefaultLangID
GetLocaleInfoW
GetLastError
GetProcAddress
GetModuleHandleW
GetStartupInfoW
GetVolumeInformationW
SetErrorMode

user32

GetClassNameW
RegisterWindowMessageA
DispatchMessageW
MsgWaitForMultipleObjectsEx
RegisterClassW
GetWindowLongPtrW
GetQueueStatus
KillTimer
SetTimer
CharNextExA
SetClipboardViewer
ChangeClipboardChain
GetClipboardFormatNameW
LoadIconW
GetMenu
GetKeyboardState
SetMenuItemInfoW
TrackPopupMenuEx
MapVirtualKeyW
ToAscii
ToUnicode
GetKeyboardLayout
DestroyCaret
SetCaretPos
CreateCaret
HideCaret
TranslateMessage
GetKeyboardLayoutList
RegisterWindowMessageW
GetAsyncKeyState
RegisterClipboardFormatW
CreateCursor
SetCursorPos
DestroyCursor
GetIconInfo
DrawIconEx
GetClassInfoW
LoadImageW
GetSysColorBrush
RegisterClassExW
GetCursorPos
DefWindowProcW
GetWindowRgn
UnregisterClassW
ClipCursor
GetUpdateRect
InvalidateRgn
BeginPaint
EndPaint
GetAncestor
GetSysColor
GetDoubleClickTime
SetDoubleClickTime
SetCaretBlinkTime
PeekMessageW
PostMessageW
GetKeyState
GetCaretBlinkTime
FlashWindowEx
MessageBeep
CharLowerA
CharLowerW
EnumWindows
PostThreadMessageW
GetWindowThreadProcessId
SendMessageA
WindowFromPoint
GetParent
SystemParametersInfoW
SetWindowLongPtrW
GetDesktopWindow
CreateWindowExW
GetSystemMenu
EnableMenuItem
SetParent
ValidateRgn
GetClientRect
GetWindowPlacement
SetWindowPlacement
GetWindowRect
IsWindowVisible
IsIconic
IsZoomed
MoveWindow
InvalidateRect
ShowWindow
ScreenToClient
ClientToScreen
DestroyWindow
SetCursor
SetWindowsHookExW
SetCapture
GetSystemMetrics
SendMessageW
SetWindowTextW
SetWindowRgn
ScrollWindowEx
UpdateWindow
SetWindowPos
SetForegroundWindow
ReleaseCapture
UnhookWindowsHookEx
AdjustWindowRectEx
DestroyIcon
CallNextHookEx
ReleaseDC
GetDC
GetWindowLongW
SetWindowLongW
GetActiveWindow
IsChild
GetFocus
SetFocus
CreateIconIndirect

shell32

ShellExecuteW
SHGetFileInfoW
SHGetFolderPathA

comdlg32

GetSaveFileNameW

advapi32

RegQueryValueExW
FreeSid
CopySid
GetLengthSid
GetTokenInformation
OpenProcessToken
RegCreateKeyExW
RegFlushKey
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW

ws2_32

WSAAsyncSelect

msvcp80

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KPEBD_K@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KD_K@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD_K@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PEBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA?AV12@_K0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@AEBV10@PEBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@AEBV10@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2_KB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@PEBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@D@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KPEBD_K1@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAX_K@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PEBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?uncaught_exception@std@@YA_NXZ
?deallocate@?$allocator@D@std@@QEAAXPEAD_K@Z
?construct@?$allocator@D@std@@QEAAXPEADAEBD@Z
?allocate@?$allocator@D@std@@QEAAPEAD_K@Z
?destroy@?$allocator@D@std@@QEAAXPEAD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@AEBV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?endl@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@1@AEAV21@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PEBDAEBV10@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V32@0@Z

msvcr80

_ftelli64
getenv
sscanf
fflush
sprintf
exit
log10
_close
strcpy_s
strstr
isdigit
isspace
_setjmp
longjmp
log
toupper
acos
calloc
??0exception@std@@QEAA@AEBQEBDH@Z
sscanf_s
pow
atan2
_flushall
atan
tan
__iob_func
fprintf
floor
cos
_lseeki64
sqrt
ceil
strchr
malloc
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memmove
??0exception@std@@QEAA@AEBV01@@Z
_strnicmp
_environ
memchr
srand
rand
getenv_s
__RTDynamicCast
_get_tzname
_tzset
_wgetenv
printf
__C_specific_handler
_mktime64
_localtime64_s
_gmtime64_s
_errno
_read
_fseeki64
feof
fgets
_write
_get_osfhandle
_fileno
_open_osfhandle
asin
_endthreadex
_beginthreadex
_wchmod
_wcsicmp
_wcsnicmp
_waccess
strtok
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@XZ
strncat
exp
fmod
powf
tanf
sinf
cosf
isupper
isalpha
_control87
_clearfp
_wassert
strerror
tolower
_snprintf
vsprintf
strncpy
??0exception@std@@QEAA@AEBQEBD@Z
_vsnprintf
strtod
strtol
atoi
vfprintf
_stricmp
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
__clean_type_info_names_internal
?_name_internal_method@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
_malloc_crt
_initterm
_initterm_e
_encoded_null
_amsg_exit
__CppXcptFilter
?terminate@@YAXXZ
_vsnprintf_s
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
fmodf
log10f
logf
sin
expf
fwrite
fopen
ftell
??_V@YAXPEAX@Z
fread
fseek
free
realloc
memcmp
memset
_CxxThrowException
__CxxFrameHandler3
memcpy
strncmp
memmove_s
_purecall
fclose

gdi32

CreateFontIndirectW
GetTextFaceW
GetTextMetricsW
EnumFontFamiliesExW
GetOutlineTextMetricsW
ExtTextOutW
SetTextAlign
SetBkMode
SetTextColor
GetGlyphOutlineW
SetWorldTransform
SetGraphicsMode
GetFontData
GetCharABCWidthsFloatW
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
SelectObject
DeleteDC
CreateBitmap
GetCharABCWidthsI
GetCharABCWidthsW
GetPaletteEntries
CreatePalette
GdiFlush
CreateDIBSection
GetDIBits
PtInRegion
SelectPalette
RealizePalette
GetStockObject
GetObjectW
CreateEllipticRgn
CreateRectRgn
GetRegionData
GetDeviceCaps
CombineRgn
OffsetRgn
GetTextExtentPoint32W
DeleteObject

ole32

DoDragDrop
OleUninitialize
OleInitialize
CoCreateGuid
StringFromGUID2
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoTaskMemFree
CoCreateInstance
CoGetMalloc
OleGetClipboard
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoInitialize
CoUninitialize
ReleaseStgMedium

imm32

ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmSetCompositionFontW

Exports

Exports

GetPluginFactory
VSTPluginMain
main

Sections

.text
Size: 3.1MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 771KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 588KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oldrel
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.utopia
Size: 25KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.auPack
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Xpand - Copy/Setup/ContentComponents.msi
.msi

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

103bad249b360125529cae039d4dac04

Headers

File Characteristics

Imports

kernel32

shlwapi

user32

Sections

.code Size: 512B - Virtual size: 165B

.data Size: 1024B - Virtual size: 524B

.idata Size: 512B - Virtual size: 302B

.rsrc Size: 99KB - Virtual size: 98KB

Password: infected

3bacae927fc12054421c9a4c78123175

Headers

File Characteristics

Imports

kernel32

user32

shell32

comdlg32

advapi32

ws2_32

msvcp80

msvcr80

gdi32

ole32

imm32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 5.7MB

.rdata Size: 3.6MB - Virtual size: 3.6MB

.data Size: 88KB - Virtual size: 621KB

.rsrc Size: 88KB - Virtual size: 87KB

.oldrel Size: 464KB - Virtual size: 462KB

.utopia Size: 204KB - Virtual size: 516KB

.auPack Size: 4KB - Virtual size: 4KB

Password: infected

1f7c2ed1eca0126b03b0bd0fad228dea

Headers

File Characteristics

Imports

kernel32

user32

shell32

comdlg32

advapi32

ws2_32

msvcp80

msvcr80

gdi32

ole32

imm32

Exports

Exports

Sections

.text Size: 3.1MB - Virtual size: 7.5MB

.rdata Size: 5.0MB - Virtual size: 5.0MB

.data Size: 87KB - Virtual size: 771KB

.pdata Size: 588KB - Virtual size: 588KB

.rsrc Size: 88KB - Virtual size: 87KB

.oldrel Size: 139KB - Virtual size: 139KB

.utopia Size: 25KB - Virtual size: 516KB

.auPack Size: 4KB - Virtual size: 4KB

.code
Size: 512B - Virtual size: 165B

.data
Size: 1024B - Virtual size: 524B

.idata
Size: 512B - Virtual size: 302B

.rsrc
Size: 99KB - Virtual size: 98KB

.text
Size: 2.7MB - Virtual size: 5.7MB

.rdata
Size: 3.6MB - Virtual size: 3.6MB

.data
Size: 88KB - Virtual size: 621KB

.rsrc
Size: 88KB - Virtual size: 87KB

.oldrel
Size: 464KB - Virtual size: 462KB

.utopia
Size: 204KB - Virtual size: 516KB

.auPack
Size: 4KB - Virtual size: 4KB

.text
Size: 3.1MB - Virtual size: 7.5MB

.rdata
Size: 5.0MB - Virtual size: 5.0MB

.data
Size: 87KB - Virtual size: 771KB

.pdata
Size: 588KB - Virtual size: 588KB

.rsrc
Size: 88KB - Virtual size: 87KB

.oldrel
Size: 139KB - Virtual size: 139KB

.utopia
Size: 25KB - Virtual size: 516KB

.auPack
Size: 4KB - Virtual size: 4KB