d4b4ddf138e36d1805ab994f166dee02

Sharing

Copy URL Twitter E-mail

General

Target

d4b4ddf138e36d1805ab994f166dee02
Size

3.0MB
MD5

d4b4ddf138e36d1805ab994f166dee02
SHA1

bf1c29dffe19b246ffd9f2b152a5620161431580
SHA256

43dde89748b790b02e6d07f028ad90832bc074803a32eece72f751d5b3bdcc3b
SHA512

ad6d08329c3b29d3de444bf6001582526dd3e76d321d64892f7f415b5e23e20498e061704c3ae31b5a74d31f570dca8824607392f82e4549772cd19be38e76a7
SSDEEP

98304:eOUSy5U69d1bRrrTpYVXrv/Xy6RVA/xi7nRiDngZZ:zUSq9XRrJYV7vdZfZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Charset.dll
unpack001/DiskGenius.exe
unpack001/Hdrw.dll
unpack001/HdrwImg.dll
unpack001/Hdrwnt.dll
unpack001/Hdrwvm.dll
unpack001/update.dll
unpack001/update.exe

Files

d4b4ddf138e36d1805ab994f166dee02
.rar
Charset.dll
.dll windows:4 windows x86 arch:x86

991e0b0847418210a6ac7be9734bbeb6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte

msvcrt

??3@YAXPAX@Z
wcslen
??2@YAPAXI@Z
wcscpy
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

Char2UTF8
Char2Unicode
Char2WChar
DOSName2WChar
TChar2WChar
UTF82Char
UTF82WChar
Unicode2Char
WChar2Char
WChar2DOSName
WChar2TChar
WChar2UTF8

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 650B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DiskGenius.exe
.exe windows:4 windows x86 arch:x86

446428d1843165549bf550a8a697b94c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hdrw

Hdrw_CreateShadowPartition
Hdrw_GetPartitionByIndex
Hdrw_GetPartitionCount
Hdrw_IsLVMPhysicalVolume
Hdrw_GetShadowPartition
Hdrw_IsZipDisk
Hdrw_IsFddDisk
Hdrw_IsHiddenPartition
Hdrw_IsPartitionObject
Hdrw_IsLogicalPartition
Hdrw_GetLVMLogicalVolume
Hdrw_GetLogicalVolumeCount
Hdrw_Initialize
Hdrw_Close
Hdrw_FormatUnixAttributeString
Hdrw_GetHardDiskIndex
Hdrw_GetLVMVolumeGroup
Hdrw_IsLVMLogicalVolume
Hdrw_GetLVMVolumeGroupByIndex
Hdrw_GetLVMVolumeGroupCount
Hdrw_RefreshPartitions
Hdrw_RefreshHardDisks
Hdrw_RemoveDriveLetter
Hdrw_GetPartition
Hdrw_AssignDriveLetter
Hdrw_SavePartitionTable
Hdrw_SetActivePartition
Hdrw_GetActivePartition
Hdrw_CreateNewPartition
Hdrw_IsDynamicDisk
Hdrw_GetPrimaryPartitionCount
Hdrw_PartitionHasShadow
Hdrw_DeletePartition
Hdrw_DisMountPartition
Hdrw_SearchDeletedFiles
Hdrw_UnregisterChangeNotification
Hdrw_UnlockAllPartitions
Hdrw_UnlockPartition
Hdrw_ChangePartitionType
Hdrw_RemoveVolume
Hdrw_IsSupportedByWindows
Hdrw_IsJustFormated
Hdrw_ReloadDiskPartitions
Hdrw_CloseAllObjectHandles
Hdrw_HidePartition
Hdrw_DeleteTree
Hdrw_OpenVirtualDiskFile
Hdrw_CloseVirtualDiskFile
Hdrw_RebuildMBR
Hdrw_ChangePartitionParameters
Hdrw_GetPartitionExtentRange
Hdrw_FlushDiskCache
Hdrw_ConvertDiskToHddMode
Hdrw_ConvertDiskToFddMode
Hdrw_SetDiskGeometry
Hdrw_SetMediaTypeFloppy
Hdrw_BackupPartitionTable
Hdrw_RestorePartitionTable
Hdrw_LoadPartitionTableFromFile
Hdrw_GetLVMPartitionName
Hdrw_GetPartitionSequenceNo
Hdrw_SetDeviceNotifyWindow
Hdrw_LVMGetVGInfo
Hdrw_LVMGetPVInfo
Hdrw_GetExt3SuperBlock
Hdrw_GetPartitionInfo
Hdrw_GetSectorNumber
Hdrw_GetTotalClusters
Hdrw_GetClusterSize
Hdrw_ReloadPartition
Hdrw_SearchLostPartitions
Hdrw_QuickFormat
Hdrw_GetPartitionParameters
Hdrw_PartitionTableNotSaved
Hdrw_GetPhysicalDisk
Hdrw_GetVolumnLabel
Hdrw_IsPrimaryPartition
Hdrw_GetHardDisk
Hdrw_SetObjectData
Hdrw_GetObjectData
Hdrw_IsOpenByVolumeLabel
Hdrw_IsLVMVolumeGroupObject
Hdrw_IsDiskObject
Hdrw_GetDiskCount
Hdrw_CreateVmdkFile
Hdrw_CreateImgDiskFile
Hdrw_ClonePartitionByFilesFrom
Hdrw_ClonePartition
Hdrw_ClonePartitionAllFrom
Hdrw_GetSystemType
Hdrw_CreateFolder
Hdrw_WriteFile
Hdrw_DeleteFile
Hdrw_FileExist
Hdrw_GetCommonPathForSelectedFiles
Hdrw_GetNextSelectedFile
Hdrw_FindOpen
Hdrw_FindNextFile
Hdrw_FindClose
Hdrw_OpenFile
Hdrw_CloseFile
Hdrw_ReadFile
Hdrw_ClonePartitionToFileByFiles
Hdrw_ClonePartitionToFileByLayout
Hdrw_ClonePartitionToFileAll
Hdrw_IsSupportedPartitionType
Hdrw_IsFormattedPartition
Hdrw_OperationSupported
Hdrw_ClonePartitionFromFile
Hdrw_GetDriveLabel
Hdrw_GetTwinPartition
Hdrw_GetErrorString
Hdrw_CloseObjectHandle
Hdrw_CloneDisk
Hdrw_RegisterChangeNotification
Hdrw_GetLastError
Hdrw_GetDiskName
Hdrw_GetDiskPartitionCount
Hdrw_GetDiskPartition
Hdrw_IsExtendPartition
Hdrw_GetSizeString
Hdrw_GetSize
Hdrw_GetUsingSize
Hdrw_GetExtendPartition
Hdrw_GetDiskParameter
Hdrw_GetDefaultClusterSize
Hdrw_GetCHSParameter
Hdrw_GetLBAParameter
Hdrw_GetSectorSize
Hdrw_IsVirtualDiskFile
Hdrw_IsUnixStyleFileAttribute
Hdrw_IsRestoringFiles
Hdrw_GetSelectState
Hdrw_LockPartition
Hdrw_SelectFile

charset

Char2Unicode
Unicode2Char
WChar2TChar

update

U_Init
U_Cancel
U_GetReleaseNote
U_GetDownloadSize
U_CheckUpdate
U_Reset
U_GetNewVersionNumber

mfc42u

ord927
ord535
ord2854
ord6895
ord5977
ord6266
ord1172
ord4768
ord1941
ord472
ord4401
ord818
ord501
ord773
ord5596
ord4270
ord1230
ord6871
ord755
ord5784
ord5871
ord470
ord6211
ord1083
ord4294
ord1143
ord2078
ord537
ord4124
ord4128
ord4292
ord2768
ord2559
ord3714
ord2403
ord2015
ord4213
ord2570
ord4392
ord3397
ord3577
ord5261
ord4370
ord4992
ord2506
ord6048
ord1767
ord4419
ord3592
ord793
ord616
ord641
ord324
ord2293
ord2362
ord2357
ord2350
ord2294
ord4229
ord2634
ord3087
ord6330
ord4847
ord2810
ord6195
ord4704
ord5276
ord3716
ord795
ord2809
ord4219
ord1761
ord2606
ord3297
ord2283
ord2359
ord2290
ord3871
ord2567
ord4390
ord3569
ord2070
ord609
ord2092
ord3870
ord925
ord2108
ord4606
ord4604
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord815
ord6655
ord4199
ord2430
ord2858
ord617
ord5297
ord5208
ord296
ord986
ord520
ord4154
ord6113
ord5491
ord2717
ord1817
ord4233
ord4690
ord3053
ord3060
ord6332
ord2502
ord2534
ord5239
ord5736
ord1739
ord5573
ord3167
ord5649
ord4414
ord4947
ord4852
ord2391
ord4381
ord3449
ord3193
ord6076
ord6171
ord4617
ord4420
ord652
ord338
ord4817
ord6238
ord6193
ord1833
ord4236
ord4583
ord4582
ord4893
ord4364
ord4886
ord4527
ord5070
ord4334
ord4341
ord4883
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord6050
ord5236
ord5277
ord3743
ord1718
ord2083
ord4426
ord364
ord784
ord5256
ord6127
ord6212
ord5673
ord3490
ord6777
ord4714
ord5031
ord6150
ord2522
ord4358
ord4051
ord5467
ord4116
ord2381
ord5230
ord6365
ord5275
ord5244
ord2436
ord809
ord556
ord384
ord686
ord6874
ord541
ord3281
ord2857
ord2088
ord2836
ord2099
ord858
ord5436
ord6379
ord6390
ord1834
ord4237
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord2641
ord1658
ord4430
ord4421
ord796
ord674
ord529
ord366
ord2447
ord4718
ord2486
ord2619
ord2618
ord5867
ord4282
ord2115
ord5996
ord2109
ord4158
ord6617
ord4451
ord5248
ord5278
ord6205
ord5024
ord5233
ord1854
ord4215
ord2576
ord3649
ord1637
ord2914
ord860
ord2442
ord2558
ord5783
ord4078
ord1197
ord3084
ord3701
ord3568
ord2579
ord4400
ord3724
ord804
ord4262
ord4524
ord5681
ord3269
ord3348
ord3574
ord439
ord736
ord4517
ord4522
ord4538
ord4536
ord4519
ord2372
ord2235
ord1795
ord298
ord620
ord4225
ord4448
ord1856
ord3696
ord772
ord500
ord1702
ord5147
ord4279
ord1857
ord816
ord2706
ord4018
ord2561
ord6597
ord562
ord6456
ord5651
ord3215
ord2759
ord5856
ord6138
ord3981
ord3516
ord6398
ord4394
ord3625
ord682
ord5674
ord5782
ord5732
ord3688
ord5617
ord801
ord5597
ord5869
ord6754
ord613
ord289
ord2644
ord1662
ord6879
ord6667
ord4688
ord5142
ord1081
ord415
ord2754
ord5603
ord5593
ord5601
ord6898
ord5047
ord715
ord3393
ord3728
ord810
ord1933
ord4266
ord3282
ord3909
ord3291
ord3298
ord3292
ord5777
ord2966
ord6004
ord3995
ord6771
ord6770
ord922
ord3290
ord4360
ord5080
ord1703
ord1708
ord5058
ord3725
ord554
ord807
ord4263
ord2444
ord2445
ord2144
ord6376
ord3798
ord4119
ord3737
ord4272
ord5679
ord3284
ord4238
ord1840
ord2406
ord3658
ord3621
ord825
ord567
ord540
ord693
ord800
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord3793
ord4347
ord6370
ord861
ord2859
ord3792
ord323
ord1633
ord5781
ord2855
ord5785
ord2746
ord6712
ord1165
ord2745
ord2755
ord6168
ord2397
ord640
ord3566
ord6451
ord823
ord6896
ord283
ord6688
ord2371
ord4155
ord1634
ord4037
ord3211
ord538
ord5706
ord942
ord3296
ord940
ord2910
ord5568
ord3905
ord5446
ord3288
ord5157
ord2377
ord5237
ord4396
ord1768
ord4073
ord6051
ord3614
ord3635
ord3365
ord5257
ord4831
ord5286
ord2574
ord2613
ord1569

msvcrt

_wcsnicmp
_wtol
_wcsicmp
wcsrchr
qsort
wcscpy
wcscmp
__CxxFrameHandler
swprintf
_ftol
memmove
_beginthreadex
wcscat
wcschr
wcsncpy
wcsncmp
_CIpow
wcsstr
_wasctime
gmtime
strncpy
iswlower
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
wcslen

kernel32

GetModuleHandleW
lstrlenW
GetDiskFreeSpaceW
MulDiv
lstrcatW
lstrcpyW
FormatMessageW
LocalFree
GetModuleFileNameW
GlobalLock
GlobalUnlock
FindFirstFileW
FindClose
FindNextFileW
GetFileAttributesW
Sleep
CreateDirectoryW
GetFileAttributesExW
WriteFile
SetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
DeleteFileW
CreateFileW
ReadFile
SetEvent
GetTickCount
ResetEvent
GetCurrentProcessId
CreateEventW
CreateThread
WaitForSingleObject
CloseHandle
GetLogicalDrives
lstrcpynW
GetStartupInfoW

user32

InsertMenuW
DrawStateW
LoadBitmapW
ScreenToClient
EnumChildWindows
IsChild
GetSysColorBrush
SystemParametersInfoW
IsRectEmpty
EndDeferWindowPos
BeginDeferWindowPos
GetWindowLongW
GetClassLongW
GetWindow
GetDCEx
wsprintfW
DrawFocusRect
DrawFrameControl
MapWindowPoints
GetCapture
GetMessagePos
CreateMenu
CallWindowProcW
FrameRect
GetDesktopWindow
SetWindowRgn
ChildWindowFromPointEx
WindowFromPoint
GetIconInfo
LoadCursorW
GetSysColor
EnableWindow
ClientToScreen
GetKeyState
GetParent
GetFocus
LoadImageW
DrawIconEx
DestroyIcon
ModifyMenuW
GetClientRect
FillRect
SendMessageW
InvalidateRect
UnhookWindowsHookEx
CallNextHookEx
PostQuitMessage
SetWindowsHookExW
GetCursorPos
RedrawWindow
IsWindow
SetWindowLongW
DestroyCursor
MessageBoxW
ShowWindow
CreateDialogParamW
DestroyWindow
GetMenu
SetMenu
UpdateWindow
MoveWindow
GetDlgItem
EnumWindows
GetWindowTextW
IsWindowVisible
ReleaseCapture
SetCursor
SetCapture
GetSystemMetrics
OffsetRect
MessageBeep
SetForegroundWindow
LoadStringW
PostMessageW
DrawTextW
KillTimer
PtInRect
SetTimer
InflateRect
GetDC
ReleaseDC
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringW
GetSubMenu
LoadMenuW
CopyRect
CreatePopupMenu
LoadIconW
GetComboBoxInfo
GetWindowRect

gdi32

EnumFontFamiliesW
Pie
FillRgn
CreateRectRgnIndirect
CombineRgn
SelectPalette
RealizePalette
CreateBitmap
SetBkColor
StretchBlt
GetTextColor
CreateDIBSection
RoundRect
CreateBrushIndirect
CreatePen
Polyline
Arc
SelectObject
CreateSolidBrush
SetBkMode
GetObjectW
SetTextColor
DeleteDC
DeleteObject
GetTextExtentPoint32W
GetCurrentObject
GetStockObject
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
PatBlt
SetPixel
GetPixel
ExtTextOutW
GetTextMetricsW
Rectangle
FrameRgn
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
GetDeviceCaps
CreateFontW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegQueryValueW
RegOpenKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderPathW
SHGetFileInfoW
ShellExecuteW
DragQueryFileW
SHGetMalloc

comctl32

ImageList_DrawEx
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_SetImageCount
ImageList_SetBkColor
ImageList_AddMasked
ImageList_Draw
ImageList_DragMove
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_EndDrag

ole32

OleGetClipboard
ReleaseStgMedium
OleInitialize

Sections

.text
Size: 284KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hdrw.dll
.dll windows:4 windows x86 arch:x86

eee58fc37d80e25dc87877db117b22db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
SetEvent
InterlockedDecrement
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetLocalTime
GetSystemTime
FindCloseChangeNotification
FindFirstChangeNotificationW
WaitForMultipleObjects
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
GetProcAddress
SetFilePointer
LoadLibraryW
GetVersionExW
Sleep
LocalFree
FormatMessageW
GetLastError
SetErrorMode
GetDriveTypeW
GetLogicalDrives
LocalAlloc
SetEndOfFile
GetFileSize
InterlockedIncrement
WaitForSingleObject
ResetEvent
CreateEventW
GetCurrentProcessId
DeleteVolumeMountPointW
GetVolumeNameForVolumeMountPointW
SetVolumeMountPointW
SetLastError
DefineDosDeviceW
DeviceIoControl
WriteFile
DeleteFileW
CreateFileW
ReadFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
InitializeCriticalSection

user32

LoadStringW
PostMessageW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
MessageBoxW

charset

TChar2WChar
UTF82WChar
Char2WChar
WChar2DOSName
WChar2Char
DOSName2WChar
WChar2TChar
Char2Unicode
Unicode2Char
WChar2UTF8

msvcrt

mktime
_tzset
_timezone
_stricmp
_adjust_fdiv
malloc
_initterm
??2@YAPAXI@Z
__CxxFrameHandler
??1exception@@UAE@XZ
abort
swprintf
wcscat
wcslen
wcscpy
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
_CxxThrowException
_wcsicmp
qsort
wcscmp
_wcsnicmp
wcsncpy
sprintf
strstr
strncmp
wcsrchr
gmtime
_strnicmp
strncpy
wcschr
strrchr
strchr
isgraph
tolower
toupper
islower
wcspbrk
wcsncmp
memmove
_ftol
_purecall
time
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_wtol
wcscspn
calloc
free
??1type_info@@UAE@XZ
__dllonexit
_onexit

Exports

Exports

Hdrw_AssignDriveLetter
Hdrw_BackupPartitionTable
Hdrw_ChangePartitionParameters
Hdrw_ChangePartitionType
Hdrw_CloneDisk
Hdrw_ClonePartition
Hdrw_ClonePartitionAllFrom
Hdrw_ClonePartitionByFilesFrom
Hdrw_ClonePartitionFromFile
Hdrw_ClonePartitionToFileAll
Hdrw_ClonePartitionToFileByFiles
Hdrw_ClonePartitionToFileByLayout
Hdrw_Close
Hdrw_CloseAllObjectHandles
Hdrw_CloseFile
Hdrw_CloseObjectHandle
Hdrw_CloseVirtualDiskFile
Hdrw_ConvertDiskToFddMode
Hdrw_ConvertDiskToHddMode
Hdrw_CreateFolder
Hdrw_CreateImgDiskFile
Hdrw_CreateNewPartition
Hdrw_CreateShadowPartition
Hdrw_CreateVmdkFile
Hdrw_DeleteFile
Hdrw_DeletePartition
Hdrw_DeleteShadowPartition
Hdrw_DeleteTree
Hdrw_DetectClusterSize
Hdrw_DisMountPartition
Hdrw_FileExist
Hdrw_FindClose
Hdrw_FindNextFile
Hdrw_FindOpen
Hdrw_FlushDiskCache
Hdrw_FlushInternalCache
Hdrw_FormatUnixAttributeString
Hdrw_GetActivePartition
Hdrw_GetAttributeByIndex
Hdrw_GetAttributeCount
Hdrw_GetBootInfoHeader
Hdrw_GetBootInfoHeaderSize
Hdrw_GetBootInfoSize
Hdrw_GetCHSParameter
Hdrw_GetClusterNumber
Hdrw_GetClusterSize
Hdrw_GetCommonPathForSelectedFiles
Hdrw_GetDefaultClusterSize
Hdrw_GetDeviceFileName
Hdrw_GetDiskCount
Hdrw_GetDiskName
Hdrw_GetDiskParameter
Hdrw_GetDiskPartition
Hdrw_GetDiskPartitionCount
Hdrw_GetDriveLabel
Hdrw_GetErrorString
Hdrw_GetExt3SuperBlock
Hdrw_GetExtAttributeData
Hdrw_GetExtAttributeSize
Hdrw_GetExtendPartition
Hdrw_GetFileAttributeInfo
Hdrw_GetFileCountAndSize
Hdrw_GetFilePointer
Hdrw_GetFileRecordRunlist
Hdrw_GetFileSize
Hdrw_GetHardDisk
Hdrw_GetHardDiskIndex
Hdrw_GetHardlinkPath
Hdrw_GetLBAParameter
Hdrw_GetLVMLogicalVolume
Hdrw_GetLVMPartitionName
Hdrw_GetLVMVolumeGroup
Hdrw_GetLVMVolumeGroupByIndex
Hdrw_GetLVMVolumeGroupCount
Hdrw_GetLastError
Hdrw_GetLinuxDeviceDescription
Hdrw_GetLogicalVolumeCount
Hdrw_GetMountPoint
Hdrw_GetNextSelectedFile
Hdrw_GetObjectData
Hdrw_GetPartition
Hdrw_GetPartitionByIndex
Hdrw_GetPartitionCount
Hdrw_GetPartitionExtentRange
Hdrw_GetPartitionIndex
Hdrw_GetPartitionInfo
Hdrw_GetPartitionParameters
Hdrw_GetPartitionSequenceNo
Hdrw_GetPhysicalDisk
Hdrw_GetPrimaryPartitionCount
Hdrw_GetSectorNumber
Hdrw_GetSectorSize
Hdrw_GetSecurityInfo
Hdrw_GetSelectState
Hdrw_GetShadowPartition
Hdrw_GetSize
Hdrw_GetSizeString
Hdrw_GetSystemType
Hdrw_GetTotalClusters
Hdrw_GetTwinPartition
Hdrw_GetUsingSize
Hdrw_GetVolumnLabel
Hdrw_GetWindowsPartitionNumber
Hdrw_HidePartition
Hdrw_Initialize
Hdrw_IsDiskObject
Hdrw_IsDynamicDisk
Hdrw_IsExtendPartition
Hdrw_IsFddDisk
Hdrw_IsFormattedPartition
Hdrw_IsHiddenPartition
Hdrw_IsJustFormated
Hdrw_IsLVMLogicalVolume
Hdrw_IsLVMPhysicalVolume
Hdrw_IsLVMVolumeGroupObject
Hdrw_IsLogicalPartition
Hdrw_IsNewlyFoundPartition
Hdrw_IsOpenByVolumeLabel
Hdrw_IsPartitionObject
Hdrw_IsPrimaryPartition
Hdrw_IsRestoringFiles
Hdrw_IsSupportedByWindows
Hdrw_IsSupportedPartitionType
Hdrw_IsUnixStyleFileAttribute
Hdrw_IsVirtualDiskFile
Hdrw_IsZipDisk
Hdrw_LVMGetPVInfo
Hdrw_LVMGetVGInfo
Hdrw_LoadPartitionTableFromFile
Hdrw_LockPartition
Hdrw_OpenFile
Hdrw_OpenVirtualDiskFile
Hdrw_OperationSupported
Hdrw_PartitionHasShadow
Hdrw_PartitionNeedDismount
Hdrw_PartitionTableNotSaved
Hdrw_QuickFormat
Hdrw_ReadBootInfo
Hdrw_ReadFile
Hdrw_ReadSectors
Hdrw_ReadSectorsByCHS
Hdrw_RebuildMBR
Hdrw_RefreshHardDisks
Hdrw_RefreshPartitions
Hdrw_RegisterChangeNotification
Hdrw_ReloadDiskPartitions
Hdrw_ReloadPartition
Hdrw_RemoveDriveLetter
Hdrw_RemoveVolume
Hdrw_ReplaceBootRecord
Hdrw_ResetPartition
Hdrw_ResetPartitionSucceed
Hdrw_RestorePartitionTable
Hdrw_SavePartitionTable
Hdrw_SearchDeletedFiles
Hdrw_SearchLostPartitions
Hdrw_SelectFile
Hdrw_SetActivePartition
Hdrw_SetBootInfoHeader
Hdrw_SetCacheSize
Hdrw_SetDeviceNotifyWindow
Hdrw_SetDiskGeometry
Hdrw_SetExtAttributeData
Hdrw_SetFileAttributes
Hdrw_SetFilePointer
Hdrw_SetFileSize
Hdrw_SetFileTime
Hdrw_SetMediaTypeFloppy
Hdrw_SetObjectData
Hdrw_SetPartitionParameters
Hdrw_SetPartitionSystemID
Hdrw_SetReadOnly
Hdrw_SetVolumnLabel
Hdrw_UncompressBackupedData
Hdrw_UnlockAllPartitions
Hdrw_UnlockPartition
Hdrw_UnregisterChangeNotification
Hdrw_VerifySectors
Hdrw_VerifySectorsByCHS
Hdrw_WriteBootInfo
Hdrw_WriteFile
Hdrw_WriteSectors
Hdrw_WriteSectorsByCHS

Sections

.text
Size: 612KB - Virtual size: 609KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HdrwImg.dll
.dll windows:4 windows x86 arch:x86

8c236f9c7405adc7a1baff41fdedae6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
FormatMessageW
GetLastError
InitializeCriticalSection
GetFileSizeEx
DeleteCriticalSection
CloseHandle
CreateFileW
ReadFile
LeaveCriticalSection
SetFilePointerEx
EnterCriticalSection
WriteFile

user32

LoadStringW

msvcrt

wcscpy
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
_purecall
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

CreateImgFile
CreateImgIOObject
Img_SetErrorBuffer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hdrwnt.dll
.dll windows:4 windows x86 arch:x86

eb9435e4a40eb9af3ca51a24ee8156ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
CloseHandle
DeviceIoControl
CreateFileW
VerifyVersionInfoW
VerSetConditionMask
FlushFileBuffers
ReadFile
SetFilePointerEx
WriteFile
LocalFree
FormatMessageW
GetLastError
Sleep

user32

UnregisterDeviceNotification
RegisterDeviceNotificationW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBoxW
LoadStringW

msvcrt

_adjust_fdiv
malloc
_initterm
free
__CxxFrameHandler
_purecall
wcscat
swprintf
wcslen
wcscpy
memmove
strncpy
_except_handler3
??3@YAXPAX@Z
??2@YAPAXI@Z
_close
_commit
_open_osfhandle
iswlower

Exports

Exports

CloseAllDisks
CreateHardDiskIOObject
CreateVolumeIOObject
GetDiskIndex
GetDiskList
GetDiskParameter
InitHardDisk
RefreshHardDisks
RegisterDiskChangeNotification
SetDeviceNotifyWindow
SetErrorBuffer
UnregisterDiskChangeNotification

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hdrwvm.dll
.dll windows:4 windows x86 arch:x86

288aeadbf447939ddc488d4fb2cfaa69

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
ReadFile
WriteFile
SetFilePointer
GetLastError
CreateFileW
LeaveCriticalSection
EnterCriticalSection
SetEndOfFile
DeleteFileW
FormatMessageW
CloseHandle
LocalFree

user32

LoadStringW

charset

Char2Unicode
Unicode2Char

msvcrt

?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
srand
time
wcscpy
??2@YAPAXI@Z
__CxxFrameHandler
_purecall
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
_CxxThrowException
??1exception@@UAE@XZ
rand
sprintf
strstr
wcslen
swprintf
free
??1type_info@@UAE@XZ
_initterm
malloc
_adjust_fdiv
_stricmp

Exports

Exports

CreateVmdkFile
CreateVmdkIOObject
Vmdk_SetErrorBuffer

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dos/CTMOUSE.EXE
dos/DISKGEN.EXE
dos/HELP.HLP
dos/LICENSE.TXT
dos/command.com
dos/fdauto.bat
.bat .vbs
dos/fdconfig.sys
dos/himem.exe
dos/kernel.sys
dos/shsucdx.com
dos/xcdrom.sys
help.chm
.chm
license.txt
ntb.att
ntupc.att
.ps1
rootsec.att
sec80sds.att
sec90sdh.att
sec90sii.att
update.dll
.dll windows:4 windows x86 arch:x86

b70e2e559b5cb58638e150190d932397

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
GetFileSize
CreateFileW
LocalAlloc
CreateEventW
GetCurrentProcessId
CloseHandle
WriteFile
CreateDirectoryW
CreateThread
SetEvent
ResetEvent
CopyFileW
LocalFree
GetLastError
GetPrivateProfileStringW
WaitForSingleObject

user32

SetWindowTextW
PostMessageW
SendMessageW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW

wininet

HttpSendRequestW
HttpAddRequestHeadersW
InternetOpenW
InternetConnectW
InternetCloseHandle
InternetAttemptConnect
HttpOpenRequestW
InternetWriteFile
HttpSendRequestExW
InternetReadFile
HttpQueryInfoW
HttpEndRequestW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msvcrt

malloc
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
free
wcsrchr
_wcsicmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcscmp
wcsncmp
wcsncpy
wcscat
wcscpy
swprintf
wcsstr
wcslen
_wtol
??2@YAPAXI@Z
??1exception@@UAE@XZ
_CxxThrowException
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
__CxxFrameHandler

Exports

Exports

U_Cancel
U_CheckUpdate
U_GetDownloadSize
U_GetNewVersionNumber
U_GetReleaseNote
U_Init
U_Reset
U_Update

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
update.exe
.exe windows:4 windows x86 arch:x86

c3ed718b7642f04346b58ff87cda374a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
WriteFile
ReadFile
GetFileSize
CreateFileW
LocalFree
FormatMessageW
GetLastError
CreateDirectoryW
DeleteFileW
CopyFileW
Sleep
GetModuleFileNameW
GetModuleHandleW
GetStartupInfoW

user32

LoadStringW
MessageBoxW
SendMessageW
EnumWindows
GetWindowTextW

shell32

ShellExecuteW

msvcrt

_exit
_controlfp
_except_handler3
??2@YAPAXI@Z
??3@YAXPAX@Z
wcsstr
__set_app_type
wcscat
wcsrchr
swprintf
_wcsicmp
wcslen
calloc
free
wcscpy
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

991e0b0847418210a6ac7be9734bbeb6

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 650B

.data Size: 4KB - Virtual size: 36B

.reloc Size: 4KB - Virtual size: 132B

446428d1843165549bf550a8a697b94c

Headers

File Characteristics

Imports

hdrw

charset

update

mfc42u

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

ole32

Sections

.text Size: 284KB - Virtual size: 280KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 20KB - Virtual size: 20KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

eee58fc37d80e25dc87877db117b22db

Headers

File Characteristics

Imports

kernel32

user32

charset

msvcrt

Exports

Exports

Sections

.text Size: 612KB - Virtual size: 609KB

.rdata Size: 96KB - Virtual size: 92KB

.data Size: 56KB - Virtual size: 112KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 52KB - Virtual size: 49KB

8c236f9c7405adc7a1baff41fdedae6e

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 80B

.rsrc Size: 4KB - Virtual size: 152B

.reloc Size: 4KB - Virtual size: 376B

eb9435e4a40eb9af3ca51a24ee8156ab

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 650B

.data
Size: 4KB - Virtual size: 36B

.reloc
Size: 4KB - Virtual size: 132B

.text
Size: 284KB - Virtual size: 280KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.text
Size: 612KB - Virtual size: 609KB

.rdata
Size: 96KB - Virtual size: 92KB

.data
Size: 56KB - Virtual size: 112KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 52KB - Virtual size: 49KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 80B

.rsrc
Size: 4KB - Virtual size: 152B

.reloc
Size: 4KB - Virtual size: 376B

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 91KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 912B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 954B

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB