b9b3fe362de07781118649ecd51d2f8f

Sharing

Copy URL Twitter E-mail

General

Target

b9b3fe362de07781118649ecd51d2f8f
Size

6.6MB
MD5

b9b3fe362de07781118649ecd51d2f8f
SHA1

36befeab44e1f61c2718c5571fc5dc59953b79e5
SHA256

f2012af3b7c920273fe83e2024e12f3e3b4231596e6cebec4f8e0d82739c07da
SHA512

dc87c5292243d18a23f02cc1d449f2d19ea7a3d9ae25f070794d59f50270daa5c20186cf70a37afc5304e189015077f5edb9866dda1110efff7b7075ad4434d9
SSDEEP

196608:tuyu6ntN6O11URNengtBmnxKCr8h/B7Gu0yrFDOlv:tNuitso/gtBmuNBN0v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9b3fe362de07781118649ecd51d2f8f

Files

b9b3fe362de07781118649ecd51d2f8f
.exe windows:6 windows x86 arch:x86

e7e11d1645947955d817f2c88314aa4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MulDiv
FlushFileBuffers
lstrcpynA
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
GlobalFindAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapSize
GetACP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
InterlockedExchange
GetLastError
GetVersionExA
GetTempPathA
GetWindowsDirectoryA
lstrcpyA
GetSystemDirectoryA
VerLanguageNameA
SetLastError
lstrcatA
LockResource
LoadResource
FindResourceA
GetVersion
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
LCMapStringA
FreeLibrary
GetCommandLineA
SetEndOfFile
WriteFile
WritePrivateProfileStringA
GetLocalTime
GlobalFree
GetUserDefaultLCID
GetEnvironmentVariableA
GetPrivateProfileStringA
CreateFileA
GetFileSize
ReadFile
GetModuleFileNameA
GetTickCount
IsBadReadPtr
ExitProcess
GetModuleHandleA
HeapReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteCriticalSection
TryEnterCriticalSection
SetCriticalSectionSpinCount
WaitForMultipleObjects
lstrcmpW
lstrcmpiA
HeapDestroy
HeapCreate
GetAtomNameW
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
ResetEvent
CreateEventA
GetExitCodeThread
SetThreadAffinityMask
RtlZeroMemory
InitializeCriticalSectionAndSpinCount
lstrcatW
lstrcmpiW
lstrcmpA
lstrlenW
lstrlenA
HeapFree
InterlockedDecrement
InterlockedIncrement
RtlMoveMemory
InitializeCriticalSection
LocalSize
HeapAlloc
GetProcessHeap
VirtualFree
VirtualAlloc
VirtualQuery
Module32Next
SetWaitableTimer
CreateWaitableTimerA
WriteProcessMemory
CloseHandle
ReadProcessMemory
VirtualQueryEx
GetProcAddress
LoadLibraryA
SetFilePointer
DeviceIoControl
LocalFree
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
Process32First
Module32First
Process32Next
CreateToolhelp32Snapshot
Sleep
WideCharToMultiByte
MultiByteToWideChar
lstrcpyn
VirtualProtect
CreateThread
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
OpenProcess
GlobalAddAtomA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

shlwapi

StrToIntExW
wvnsprintfW
StrToIntW
StrTrimW
PathFindFileNameW
PathRemoveFileSpecW

ws2_32

WSAStartup

user32

GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
CreateWindowExA
GetClassLongA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
GetWindowPlacement
IsDialogMessageA
SendDlgItemMessageA
SetWindowTextA
GetDlgCtrlID
UnregisterClassA
CreateDialogIndirectParamA
UnhookWindowsHookEx
GrayStringA
TabbedTextOutA
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
SetMenuItemBitmaps
EnableMenuItem
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
PostMessageA
SetActiveWindow
GetActiveWindow
GetForegroundWindow
WindowFromPoint
GetWindow
PtInRect
GetWindowLongA
EnumWindows
GetWindowTextA
FindWindowExA
GetCursorPos
SetWindowLongA
SystemParametersInfoA
FindWindowA
keybd_event
GetClassNameA
SendMessageA
VkKeyScanExA
GetKeyboardLayout
CopyRect
AdjustWindowRectEx
LoadStringA
PostThreadMessageA
LoadIconA
LoadCursorA
ExitWindowsEx
RegisterClipboardFormatA
GetSysColorBrush
LoadImageW
CreateIconFromResourceEx
DrawIconEx
UpdateLayeredWindow
SystemParametersInfoW
RegisterWindowMessageW
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
LoadIconW
EnumPropsExW
RemovePropA
RemovePropW
GetPropA
GetPropW
SetPropA
SetPropW
KillTimer
SetTimer
MessageBoxW
SetWindowTextW
SetParent
MoveWindow
UpdateWindow
ValidateRect
ScreenToClient
GetIconInfo
CopyIcon
PostMessageW
CallWindowProcW
CreateMDIWindowW
DialogBoxParamW
CreateDialogParamW
EndDialog
DialogBoxIndirectParamW
DestroyWindow
SetClassLongW
GetClassLongW
CreateDialogIndirectParamW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
PostQuitMessage
DispatchMessageW
TranslateMessage
IsDialogMessageW
TranslateAcceleratorW
TranslateMDISysAccel
IsChild
GetMessageW
GetFocus
DrawFrameControl
SendMessageTimeoutA
GetWindowThreadProcessId
ShowWindow
SetForegroundWindow
DrawFocusRect
SetRect
MapWindowPoints
InvalidateRect
CreateMenu
ClientToScreen
FillRect
GetWindowDC
DefWindowProcW
OffsetRect
CreatePopupMenu
GetSystemMenu
LoadMenuW
GetMenuInfo
DestroyMenu
GetMenuItemCount
GetMenuItemInfoW
AppendMenuW
InsertMenuW
SetMenuInfo
GetSubMenu
GetMenuItemID
CheckMenuRadioItem
TrackPopupMenu
GetMenuStringW
GetMenuItemRect
GetMenuState
GetMenuDefaultItem
MenuItemFromPoint
RemoveMenu
CheckMenuItem
SetMenuItemInfoW
SetMenuDefaultItem
LoadStringW
CharUpperW
CharLowerW
MessageBoxA
wsprintfA
DispatchMessageA
GetMessageA
PeekMessageA
SetWindowPos
MsgWaitForMultipleObjects
wvsprintfA
SetWindowRgn
BeginPaint
EndPaint
TrackMouseEvent
GetDlgItem
GetAncestor
SetWindowLongW
GetAsyncKeyState
IsWindow
ReleaseDC
DrawTextA
GetDC
SetFocus
GetNextDlgTabItem
GetWindowRect
EnableWindow
IsWindowEnabled
IsWindowVisible
GetSysColor
DestroyAcceleratorTable
DestroyIcon
LoadCursorW
ReleaseCapture
SetCapture
GetClientRect
SetCursor
DestroyCursor
SendMessageW
GetWindowLongW
GetParent
GetWindowTextW
GetWindowTextLengthW
GetClassNameW
FindWindowExW
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
CreatePatternBrush
CreateEllipticRgn
GetDIBits
CreateFontIndirectW
GetObjectW
StretchBlt
SetStretchBltMode
GetStretchBltMode
CreateDIBSection
CreateCompatibleDC
BitBlt
CreateRoundRectRgn
SetViewportOrgEx
CreateSolidBrush
GetStockObject
SetBkColor
SetBkMode
SetTextColor
DeleteDC
SelectObject
DeleteObject
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

CommandLineToArgvW
DragAcceptFiles
Shell_NotifyIconW
DragFinish
DragQueryFileW
ShellExecuteA
SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx
ord17

ole32

CLSIDFromProgID
CoCreateInstance
OleRun
CLSIDFromString
GetHGlobalFromStream
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoUninitialize
CoInitialize

wininet

InternetOpenA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetTimeToSystemTime

gdiplus

GdipVectorTransformMatrixPoints
GdipTransformMatrixPoints
GdipShearMatrix
GdipScaleMatrix
GdipInvertMatrix
GdipMultiplyMatrix
GdipGetMatrixElements
GdipSetMatrixElements
GdipCloneMatrix
GdipCreateMatrix3
GdipCreateMatrix2
GdipGetRegionScans
GdipGetRegionScansCount
GdipIsVisibleRegionRect
GdipIsVisibleRegionPoint
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsEmptyRegion
GdipGetRegionHRgn
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionBounds
GdipTransformRegion
GdipTranslateRegion
GdipCombineRegionPath
GdipCombineRegionRegion
GdipCombineRegionRect
GdipSetEmpty
GdipSetInfinite
GdipCloneRegion
GdipCreateRegionRgnData
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRect
GdipRotateMatrix
GdipTranslateMatrix
GdipBitmapSetResolution
GdipCloneBitmapArea
GdipCreateBitmapFromResource
GdipCreateBitmapFromHICON
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromGdiDib
GdipPrivateAddMemoryFont
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetGenericFontFamilyMonospace
GdipGetFamilyName
GdipIsStyleAvailable
GdipGetEmHeight
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipCreateFromHWND
GdipIsOutlineVisiblePathPoint
GdipIsVisiblePathPoint
GdipWarpPath
GdipWindingModeOutline
GdipWidenPath
GdipFlattenPath
GdipGetPathWorldBounds
GdipTransformPath
GdipAddPathString
GdipAddPathPath
GdipAddPathPolygon
GdipAddPathPie
GdipAddPathEllipse
GdipAddPathRectangle
GdipAddPathClosedCurve2
GdipAddPathClosedCurve
GdipAddPathCurve2
GdipAddPathCurve
GdipAddPathBezier
GdipAddPathArc
GdipAddPathLine
GdipGetPathLastPoint
GdipReversePath
GdipClearPathMarkers
GdipSetPathMarker
GdipClosePathFigures
GdipClosePathFigure
GdipStartPathFigure
GdipGetPathData
GdipGetPointCount
GdipSetPathFillMode
GdipGetPathFillMode
GdipResetPath
GdipClonePath
GdipCreatePath2
GdipCreatePath
GdipGetFontHeightGivenDPI
GdipGetFontHeight
GdipGetFontUnit
GdipGetFontSize
GdipGetFontStyle
GdipGetFamily
GdipGetLogFontA
GdipGetLogFontW
GdipCloneFont
GdipGetLineSpacing
GdipCreateFontFromDC
GdipDeleteFontFamily
GdipDeletePrivateFontCollection
GdipCreateFontFromLogfontW
GdipGetCellAscent
GdipGetSolidFillColor
GdipSetSolidFillColor
GdipCreateSolidFill
GdipIsMatrixInvertible
GdipCloneBrush
GdipGetStringFormatMeasurableCharacterRangeCount
GdipSetStringFormatMeasurableCharacterRanges
GdipGetStringFormatDigitSubstitution
GdipSetStringFormatDigitSubstitution
GdipGetStringFormatTabStops
GdipGetStringFormatTabStopCount
GdipSetStringFormatTabStops
GdipGetStringFormatHotkeyPrefix
GdipSetStringFormatHotkeyPrefix
GdipGetStringFormatTrimming
GdipSetStringFormatTrimming
GdipGetStringFormatLineAlign
GdipSetStringFormatLineAlign
GdipGetStringFormatAlign
GdipSetStringFormatAlign
GdipGetStringFormatFlags
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipStringFormatGetGenericDefault
GdipCreateStringFormat
GdipCreateHICONFromBitmap
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipGetImageThumbnail
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageBounds
GdipGetImageDimension
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipCloneImage
GdipLoadImageFromStream
GdipLoadImageFromFile
GdipEndContainer
GdipBeginContainer2
GdipBeginContainer
GdipRestoreGraphics
GdipSaveGraphics
GdipIsVisibleRect
GdipIsVisiblePoint
GdipIsVisibleClipEmpty
GdipIsClipEmpty
GdipGetVisibleClipBounds
GdipGetClipBounds
GdipGetClip
GdipTranslateClip
GdipResetClip
GdipSetClipHrgn
GdipSetClipRegion
GdipSetClipRect
GdipSetClipPath
GdipSetClipGraphics
GdipDrawImagePointsRect
GdipDrawImagePointRect
GdipDrawImagePoints
GdipDrawImageRect
GdipDrawImageRectRect
GdipDrawImage
GdipDrawDriverString
GdipMeasureCharacterRanges
GdipCreateRegion
GdipMeasureString
GdipDrawString
GdipFillRegion
GdipFillClosedCurve2
GdipFillClosedCurve
GdipFillPath
GdipFillPie
GdipFillEllipse
GdipFillPolygon
GdipGraphicsClear
GdipDrawClosedCurve2
GdipDrawClosedCurve
GdipDrawCurve2
GdipDrawCurve
GdipDrawPath
GdipDrawPolygon
GdipDrawPie
GdipDrawEllipse
GdipDrawRectangle
GdipDrawBezier
GdipDrawArc
GdipDrawLine
GdipGetNearestColor
GdipTransformPointsI
GdipTransformPoints
GdipGetDpiY
GdipGetDpiX
GdipGetPageScale
GdipSetPageScale
GdipGetPageUnit
GdipSetPageUnit
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipDeleteMatrix
GdipGetWorldTransform
GdipSetWorldTransform
GdipGetPixelOffsetMode
GdipSetPixelOffsetMode
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipGetInterpolationMode
GdipSetInterpolationMode
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipReleaseDC
GdipIsMatrixIdentity
GdipIsMatrixEqual
GdipNewInstalledFontCollection
GdipNewPrivateFontCollection
GdipGetBrushType
GdipPrivateAddFontFile
GdipDeleteBrush
GdipFillRectangle
GdipCreateTexture
GdipCreateFont
GdipGetCellDescent
GdipCreateFontFromLogfontA
GdipGetDC
GdipFlush
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipSetImageAttributesColorMatrix
GdipGetImageAttributesAdjustedPalette
GdipSetImageAttributesWrapMode
GdipSetImageAttributesRemapTable
GdipSetImageAttributesOutputChannelColorProfile
GdipSetImageAttributesOutputChannel
GdipSetImageAttributesColorKeys
GdipSetImageAttributesGamma
GdipSetImageAttributesNoOp
GdipSetImageAttributesThreshold
GdipResetImageAttributes
GdipSetImageAttributesToIdentity
GdipCloneImageAttributes
GdipCreateImageAttributes
GdiplusStartup
GdipDeleteRegion
GdipDeletePath
GdipDeleteFont
GdipDeleteStringFormat
GdipDisposeImage
GdipDeleteGraphics
GdipDisposeImageAttributes
GdipCreateMatrix

uxtheme

DrawThemeBackground
CloseThemeData
OpenThemeData

atl

ord42

crypt32

CryptStringToBinaryW

msimg32

AlphaBlend

oledlg

ord8

oleaut32

SafeArrayDestroy
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VariantChangeType
VarR8FromBool
VarR8FromCy
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElemsize
SysFreeString

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

wtsapi32

WTSSendMessageW

Exports

Exports

fմ��f��6ik��.�C�p��sz��7ڟ��nOJ�V;�o]��Tf��^4��R@��K�Kr��m�}�=ݼ�`�@�bu�-��6��M ��a�Г��"�SG_�J$�7R*�#��x��bn( @��~�D��(Tt��y��@�Ʀ\0�/cc�X턶��.��/73�`G��eQ�:[�� A%D|{��M4�v�y�Ѭiy�BSLROK�`�/��}��=��^�m*�P��<��=��K�T��o�o_2�튎�x$�T�[ E ��WZ�ϓ�q��_F�ĥ��+�QL��.Prן)�r��B��״[�i��q�M��v\�R�0��c��.�GΜ[�;Lb�V*�ΛOFC�S Utk��ӯ��5��HR[L�V��+�4\��lQ��Q�e�'ge��W��T��쟉��vF��?��0��\mܯ�P��>� X kV�TrO̬\��UU�~�n^cn��P9��2E��]�1T��刃<��/>`.��R�!�ɔD2�8��I��O�[�,��e��d��J[K\��9R{gnI�8�0�w�m�:��bW�d� q��g��t�X6�T�J��7��ӌm��Ϣ�1�-��m�&�j_�比_�q��V�~��/�6`fwC�f2�_f��5QH ��~��! �R�>��IME��ҍ��8Ӕ=Mއ��%G��ᕬg�N�l8kd�I$ ��Q��W�r�q�¦_��[q��8Η�M�s�V�qH>&��f!o��Z �Jx��z�p~�_݈Wq��l�:�@�U��R�� 97�M~/��c �'f�O[Ѭ0�|��*46��BMk��?]�Qt8 ��i��<��I&D6x'7�Z �_F�x_��J�L�*�4v��OuL�g��h�I�a��kpt�'N�%N��}��<V8��mp��4�~�m��^��ú�cG��Gt'_�ѱ�b!jaD�V��@� �c�\J��KP��t�e@��c��%]�|�b�� LZ�{��=�G�ߤc@�M��B߈��4 v�3�U�c��s��p�7*�'�l䑖R�re(��ۨ9�B��*�\-͎�"J,:��z]��i��;��PC��U�XL�t��! w�g��∰I�%u"jN� �{��1��yAl��RB��a�rwd7UV!��Lf[�~�� M��f��|��r�{ �b�!��3��Y�1k�uN��AB�u��Rj��kG?m�&�p��l$��c4�vX��U[]O�vNZ�L%H��^��GkX��dO�T�p��43�zX�&��U�|@w1�²��ɏ�P�O'��b��R��j��j��#^#"�w]�ORڸ�a��=]�N! ��,(��}GR�2a�r�Iv�(UAu:+3�`��?,�/��Oh8]�?�{��"fb��Bm�U��tM��L�!��[��8�i�Z�P|oo6YoK��4��¡�/��"��;�=��L�K��N>�Ū~��7�(�Y��X�=��(Ɠ��?�A��R-�J�O��W ��t� Zq��a��u�=��S��2眑z.25r��U}�_�i��|�~��9��"DuYA�B��{�U/�,�KF�^��6}3l|�%�� =��?nT�B+&��֒@e-��d�qX�>UGn��0�r�EL{�/)��'C��)n>{��9&ڸ( 2�w�w��e��8 ��t�Ӎ�[��c�)��$�w�:m�W��E��:�J��7C��F\x�#��]��Nq��r��u�'��쑜�J��wX�m��x�)gV>l�}y�9��3��s^qb֎*ɰ��q��e>Ur��|k��q��%��ī��/��8�,&3� � �8�+X⃻sʔ�%��/o�+��[X��o��6�1��94�3�Q��j�9!�J�;��ҭ�%��azB��jC@#Z �9�0�z�()�cH�ˬzj��#1��=�V T-��W�q硦�oz��b��^�qy��b��(d�א<7�{�)�-7�|��S�l�!\\�Ǫ�3x&r�+M��\��x�<��+F��c�0��R�cȴ��_j��Q �x�^�>w�֠*�E��B�Ѽ�A��-�Q��{{En��砂��Y�Qֵ�~8�f 2�$q�ա�F��~� �1!�Sg%��\�t{��m��EI��9I�V��e�aЧ��b]^��]�d��'��D�$��)��"�@{�"��}�B�3��$�A_��E�ɳK�L�a^�6^_<�j꾷e�lw��j��cI5j$�`��]�͇�c��J s��ꦫ��|bvCI��S� �cSc1c�[CDg̭�� X��#x!}��l��a��,�=��$6��R��ѱl��7��!f��'"��ɢ>��Cfd �b"�?�ڒ ��G�8脧�C��*�� 9�l��#(��O�Y[��V9��/�8M��Ȏ8��N�>ԧ#�|zy��[�$e�#0��A�Dn��'(��28�a@b��$��Y*M�z7n׵�&�R�8;��*�^�EXO#�2�ʬ�S�33^`�=vR��H�B:'k��!X��B ��K�~|�� %�)r?�^~V��z�C�Mrћ��%B��-ttu*�W%�c��\[�I��4�i�D�z�t~{��2~f��Im��G�{�˴�*�-k��JA-�9�k�Sb��]��W^�6FC��uH 龶�덊�}ό]��{��3�D�h��2Z��W��\��#�Ma��LD�l��l��j�i<��ҫB� �J��'�

Sections

��
Size: - Virtual size: 54KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: - Virtual size: 22KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: - Virtual size: 172B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HeiYu1
Size: - Virtual size: 480B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.HeiYu0
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

��
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HeiYu2
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.HeiYu3
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7e11d1645947955d817f2c88314aa4c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

ws2_32

user32

gdi32

advapi32

shell32

comctl32

ole32

wininet

gdiplus

uxtheme

atl

crypt32

msimg32

oledlg

oleaut32

version

winspool.drv

wtsapi32

Exports

Exports

Sections

������ Size: - Virtual size: 54KB

������ Size: - Virtual size: 22KB

������ Size: - Virtual size: 4KB

������ Size: - Virtual size: 172B

.HeiYu1 Size: - Virtual size: 480B

.HeiYu0 Size: - Virtual size: 3KB

������ Size: - Virtual size: 1.6MB

.HeiYu2 Size: - Virtual size: 4.3MB

.HeiYu3 Size: 6.6MB - Virtual size: 6.6MB

.rsrc Size: 512B - Virtual size: 469B

��
Size: - Virtual size: 54KB

��
Size: - Virtual size: 22KB

��
Size: - Virtual size: 4KB

��
Size: - Virtual size: 172B

.HeiYu1
Size: - Virtual size: 480B

.HeiYu0
Size: - Virtual size: 3KB

��
Size: - Virtual size: 1.6MB

.HeiYu2
Size: - Virtual size: 4.3MB

.HeiYu3
Size: 6.6MB - Virtual size: 6.6MB

.rsrc
Size: 512B - Virtual size: 469B