1bd3337a6c10520e8102e166f70981851b2e6144a3c600c23711c7de84af2b18

Sharing

Copy URL

Twitter E-mail

General

Target

1bd3337a6c10520e8102e166f70981851b2e6144a3c600c23711c7de84af2b18
Size

5.3MB
MD5

5213e9fce595e4447ae593279d6f3b5b
SHA1

76d958b5940c6495d8331e7957ca0fc1118303f1
SHA256

1bd3337a6c10520e8102e166f70981851b2e6144a3c600c23711c7de84af2b18
SHA512

18e36db588caffac95b220001f6ffcebf4e14f6ac105a5ef2d0e5dc3acda560c2a76fc9c87be9da8f12251bdd66350a4e05526d44f5af039977857c182e1ab8a
SSDEEP

98304:DftzjPppbCngAHiMqZMqGCOmvXG6rDpNxpTF70+tC4hN4k:z5VMnkZGd426DpNxpXA4hKk

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack002/31AA8EC187E1241A94127336996F9CB38719EB9B
unpack003/4B356B88FB3A3DCE1F009E4E92CD4A59383E0764
unpack004/5F71BE645E8AC995555A891087B46ED357386DBE
unpack005/AFD4216E93A82FEEBAFD3A68E9308CA4B0B54372
unpack006/B4362FCD75FD071FC8237C543C56DF5736B8E177
unpack007/BA8909EEF5EE280AE43B935CF4AE38CCF21BDE56
unpack008/DE7CED27456A1E4581D6A4BF126F56061B7F9859
unpack009/$PLUGINSDIR/diversion.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack008/DE7CED27456A1E4581D6A4BF126F56061B7F9859	nsis_installer_1
static1/unpack008/DE7CED27456A1E4581D6A4BF126F56061B7F9859	nsis_installer_2

Files

1bd3337a6c10520e8102e166f70981851b2e6144a3c600c23711c7de84af2b18
.zip
31AA8EC187E1241A94127336996F9CB38719EB9B.7z
.7z

Password: infected
31AA8EC187E1241A94127336996F9CB38719EB9B
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4B356B88FB3A3DCE1F009E4E92CD4A59383E0764.7z
.7z

Password: infected
4B356B88FB3A3DCE1F009E4E92CD4A59383E0764
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5F71BE645E8AC995555A891087B46ED357386DBE.7z
.7z

Password: infected
5F71BE645E8AC995555A891087B46ED357386DBE
.exe windows:4 windows x86 arch:x86

daf574f3040b477b1ee15e12a0c73af8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtectEx
GetLastError
CreateMutexA
ContinueDebugEvent
ResumeThread
OutputDebugStringA
OutputDebugStringW
SetThreadContext
GetThreadContext
WaitForDebugEvent
WriteProcessMemory
UnmapViewOfFile
InitializeCriticalSection
FreeConsole
CreateThread
SuspendThread
DebugActiveProcess
SetEnvironmentVariableA
GetCurrentProcessId
MapViewOfFile
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
GetVersionExA
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
SetLastError
ReleaseMutex
WaitForSingleObject
OpenMutexA
SetErrorMode
GetShortPathNameA
GetModuleFileNameA
GetShortPathNameW
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
SetFilePointer
CreateFileA
ExitProcess
GetLocalTime
MultiByteToWideChar
SearchPathA
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetWindowsDirectoryA
GetPrivateProfileStringA
EnterCriticalSection
DeleteFileA
MoveFileA
CreateProcessA
GetStartupInfoA
GetCommandLineA
GetCurrentThreadId
ReadFile
GetFileSize
GetProcessHeap
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
LoadLibraryW
FreeLibrary
SetConsoleCtrlHandler
FatalAppExitA
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetLocaleInfoW
GetStdHandle
WriteFile
IsProcessorFeaturePresent
CompareStringW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
LCMapStringW
HeapAlloc
GetDateFormatA
GetTimeFormatA
GetModuleHandleW
HeapFree
GetSystemTimeAsFileTime
GetStartupInfoW
RaiseException
RtlUnwind
ReadProcessMemory
LeaveCriticalSection
GetExitCodeProcess
GetCurrentThread
SetThreadPriority
Sleep
GetTickCount
VirtualQueryEx
CreateEventA
SetEvent
CloseHandle
GetModuleHandleA
WritePrivateProfileStringA
GetCommandLineW
FormatMessageA
LocalFree
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
DeleteCriticalSection
SetEndOfFile
SetFilePointerEx
CreateFileW
FindClose
RemoveDirectoryW
DeleteFileW
DeviceIoControl
GetFullPathNameW
FindFirstFileW
FindNextFileW
GetFileAttributesW
CreateDirectoryExW
CopyFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
GetFileTime
SetFileTime
MoveFileExW
GetDiskFreeSpaceExW
CreateDirectoryW
AreFileApisANSI

user32

BeginPaint
EndPaint
KillTimer
GetAsyncKeyState
DefDlgProcA
DrawTextA
CreateDialogParamA
RegisterClassExA
DialogBoxParamA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
InSendMessage
UnpackDDElParam
DefWindowProcW
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageW
PeekMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
LoadStringA
LoadStringW
FindWindowA
DestroyWindow
GetDesktopWindow
GetSystemMetrics
MoveWindow
SendMessageA
SetPropA
EnumThreadWindows
GetPropA
WaitForInputIdle
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
FreeDDElParam

gdi32

SelectObject
BitBlt
DeleteObject
CreatePalette
CreateDCA
SelectPalette
RealizePalette
CreateDIBitmap
DeleteDC
CreateCompatibleDC

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

.adata
Size: 4KB - Virtual size: 4KB

.zdata
Size: 4KB - Virtual size: 4KB

.zdata
Size: 4KB - Virtual size: 4KB

.zdata
Size: 4KB - Virtual size: 4KB

.ndata
Size: 4KB - Virtual size: 4KB

.ndata
Size: 4KB - Virtual size: 4KB

.text1
Size: 756KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 132KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AFD4216E93A82FEEBAFD3A68E9308CA4B0B54372.7z
.7z

Password: infected
AFD4216E93A82FEEBAFD3A68E9308CA4B0B54372
.exe windows:4 windows x86 arch:x86

daf574f3040b477b1ee15e12a0c73af8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualProtectEx
GetLastError
CreateMutexA
ContinueDebugEvent
ResumeThread
OutputDebugStringA
OutputDebugStringW
SetThreadContext
GetThreadContext
WaitForDebugEvent
WriteProcessMemory
UnmapViewOfFile
InitializeCriticalSection
FreeConsole
CreateThread
SuspendThread
DebugActiveProcess
SetEnvironmentVariableA
GetCurrentProcessId
MapViewOfFile
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
GetVersionExA
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
SetLastError
ReleaseMutex
WaitForSingleObject
OpenMutexA
SetErrorMode
GetShortPathNameA
GetModuleFileNameA
GetShortPathNameW
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
SetFilePointer
CreateFileA
ExitProcess
GetLocalTime
MultiByteToWideChar
SearchPathA
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetWindowsDirectoryA
GetPrivateProfileStringA
EnterCriticalSection
DeleteFileA
MoveFileA
CreateProcessA
GetStartupInfoA
GetCommandLineA
GetCurrentThreadId
ReadFile
GetFileSize
GetProcessHeap
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
LoadLibraryW
FreeLibrary
SetConsoleCtrlHandler
FatalAppExitA
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetLocaleInfoW
GetStdHandle
WriteFile
IsProcessorFeaturePresent
CompareStringW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
LCMapStringW
HeapAlloc
GetDateFormatA
GetTimeFormatA
GetModuleHandleW
HeapFree
GetSystemTimeAsFileTime
GetStartupInfoW
RaiseException
RtlUnwind
ReadProcessMemory
LeaveCriticalSection
GetExitCodeProcess
GetCurrentThread
SetThreadPriority
Sleep
GetTickCount
VirtualQueryEx
CreateEventA
SetEvent
CloseHandle
GetModuleHandleA
WritePrivateProfileStringA
GetCommandLineW
FormatMessageA
LocalFree
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
DeleteCriticalSection
SetEndOfFile
SetFilePointerEx
CreateFileW
FindClose
RemoveDirectoryW
DeleteFileW
DeviceIoControl
GetFullPathNameW
FindFirstFileW
FindNextFileW
GetFileAttributesW
CreateDirectoryExW
CopyFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
GetFileTime
SetFileTime
MoveFileExW
GetDiskFreeSpaceExW
CreateDirectoryW
AreFileApisANSI

user32

BeginPaint
EndPaint
KillTimer
GetAsyncKeyState
DefDlgProcA
DrawTextA
CreateDialogParamA
RegisterClassExA
DialogBoxParamA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
InSendMessage
UnpackDDElParam
DefWindowProcW
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageW
PeekMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
LoadStringA
LoadStringW
FindWindowA
DestroyWindow
GetDesktopWindow
GetSystemMetrics
MoveWindow
SendMessageA
SetPropA
EnumThreadWindows
GetPropA
WaitForInputIdle
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
FreeDDElParam

gdi32

SelectObject
BitBlt
DeleteObject
CreatePalette
CreateDCA
SelectPalette
RealizePalette
CreateDIBitmap
DeleteDC
CreateCompatibleDC

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 28KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 845KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ixz
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE

.text1
Size: 756KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 132KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc1
Size: 40KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 700KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
B4362FCD75FD071FC8237C543C56DF5736B8E177.7z
.7z

Password: infected
B4362FCD75FD071FC8237C543C56DF5736B8E177
.exe windows:4 windows x86 arch:x86

81807616057a52c8487e02878f15ed06

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
TerminateProcess
HeapFree
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
GetTimeZoneInformation
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
ExitProcess
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetStartupInfoW
FileTimeToLocalFileTime
FindResourceA
GlobalAddAtomA
GetProfileStringA
FileTimeToSystemTime
SetErrorMode
GetFileTime
GetFileAttributesW
SizeofResource
GetProcessVersion
WritePrivateProfileStringW
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
FormatMessageW
LocalFree
MulDiv
SetLastError
lstrcmpiW
GetThreadLocale
GetFullPathNameW
lstrcpynW
GetVolumeInformationW
FindFirstFileW
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentProcess
DuplicateHandle
GetLastError
GetModuleHandleA
GetVersion
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
lstrcpyW
GetModuleHandleW
MultiByteToWideChar
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalFree
LockResource
FindResourceW
LoadResource
GetModuleFileNameW
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
lstrlenW
WideCharToMultiByte
GetCurrentThread
GetCurrentThreadId
GetTickCount
LoadLibraryW
FreeLibrary
GetCurrentProcessId
OpenProcess
LoadLibraryA
GetProcAddress
CreateFileW
GetFileSize
ReadFile
VirtualFree
CloseHandle

user32

InvalidateRect
InflateRect
RegisterClipboardFormatW
PostThreadMessageW
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
GetTopWindow
IsChild
GetCapture
WinHelpW
wsprintfW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthW
GetWindowTextW
GetDlgCtrlID
CreateWindowExW
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
DefWindowProcW
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongW
RegisterWindowMessageW
OffsetRect
IntersectRect
SystemParametersInfoW
GetWindowPlacement
GetWindowRect
MapDialogRect
CopyAcceleratorTableW
GetWindow
SetWindowContextHelpId
EndDialog
SetActiveWindow
IsWindow
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
LoadIconW
SendMessageW
AppendMenuW
GetSystemMenu
UnregisterClassW
GetWindowTextLengthA
HideCaret
ShowCaret
IsWindowVisible
PeekMessageW
GetCursorPos
SetWindowsHookExW
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongW
MessageBoxW
SetCursor
PostQuitMessage
PostMessageW
MessageBeep
GetNextDlgGroupItem
GetMessageTime
SetRect
EnableWindow
IsIconic
ExcludeUpdateRgn
GetWindowTextA
DrawTextA
DrawFocusRect
GetClassInfoA
DefDlgProcA
DefWindowProcA
CharNextA
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
IsWindowUnicode
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
DrawIcon
GetClientRect
GetSystemMetrics
CharNextW
PtInRect
GetClassNameW
GetDesktopWindow
LoadCursorW
GrayStringW
CreateDialogIndirectParamW
GetSysColorBrush
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
DestroyMenu
LoadStringW
CharUpperW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetWindowPos

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
PatBlt
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateDIBitmap
ExtTextOutA
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateBitmap

comdlg32

GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

comctl32

ord17

oledlg

OleUIBusyW

ole32

CoFreeUnusedLibraries
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleUninitialize

olepro32

ord253

oleaut32

SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

psapi

GetModuleFileNameExW

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 360KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BA8909EEF5EE280AE43B935CF4AE38CCF21BDE56.7z
.7z

Password: infected
BA8909EEF5EE280AE43B935CF4AE38CCF21BDE56
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DE7CED27456A1E4581D6A4BF126F56061B7F9859.7z
.7z

Password: infected
DE7CED27456A1E4581D6A4BF126F56061B7F9859
.exe windows:4 windows x86 arch:x86

e160ef8e55bb9d162da4e266afd9eef3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
Sleep
CloseHandle
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
SetErrorMode
GetCommandLineA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary

user32

CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/diversion.dll
.dll windows:4 windows x86 arch:x86

64dca62e66a85db04c479165d3c517ac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetModuleHandleA
GetProcAddress
GlobalFix
InitializeCriticalSection
LeaveCriticalSection
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
_errno
_iob
abort
calloc
fflush
free
fwrite
malloc
memcpy
vfprintf

shell32

ShellAboutA
ShellExecuteA

user32

OpenClipboard

Exports

Exports

Containers

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 88B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/diversion.b

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

File Characteristics

Sections

.text Size: 92KB - Virtual size: 88KB

.data Size: - Virtual size: 7KB

.rsrc Size: 308KB - Virtual size: 306KB

Password: infected

Headers

File Characteristics

Sections

.text Size: 64KB - Virtual size: 63KB

.data Size: - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 3KB

Password: infected

daf574f3040b477b1ee15e12a0c73af8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Sections

.text Size: - Virtual size: 19KB

.rdata Size: - Virtual size: 1KB

.data Size: - Virtual size: 354KB

.idata Size: 4KB - Virtual size: 4KB

.adata Size: 4KB - Virtual size: 4KB

.zdata Size: 4KB - Virtual size: 4KB

.zdata Size: 4KB - Virtual size: 4KB

.zdata Size: 4KB - Virtual size: 4KB

.ndata Size: 4KB - Virtual size: 4KB

.ndata Size: 4KB - Virtual size: 4KB

.text1 Size: 756KB - Virtual size: 768KB

.adata Size: 52KB - Virtual size: 64KB

.data1 Size: 132KB - Virtual size: 256KB

.pdata Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 28KB - Virtual size: 352KB

Password: infected

daf574f3040b477b1ee15e12a0c73af8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Sections

.text Size: - Virtual size: 1.8MB

.itext Size: - Virtual size: 16KB

.data Size: - Virtual size: 30KB

.bss Size: - Virtual size: 28KB

.idata Size: - Virtual size: 13KB

.tls Size: - Virtual size: 64B

.rdata Size: 4KB - Virtual size: 24B

.reloc Size: - Virtual size: 845KB

.ixz Size: - Virtual size: 4KB

.text1 Size: 756KB - Virtual size: 768KB

.adata Size: 52KB - Virtual size: 64KB

.data1 Size: 132KB - Virtual size: 192KB

.reloc1 Size: 40KB - Virtual size: 64KB

.pdata Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 700KB - Virtual size: 700KB

Password: infected

81807616057a52c8487e02878f15ed06

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

.text
Size: 92KB - Virtual size: 88KB

.data
Size: - Virtual size: 7KB

.rsrc
Size: 308KB - Virtual size: 306KB

.text
Size: 64KB - Virtual size: 63KB

.data
Size: - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: - Virtual size: 19KB

.rdata
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 354KB

.idata
Size: 4KB - Virtual size: 4KB

.adata
Size: 4KB - Virtual size: 4KB

.zdata
Size: 4KB - Virtual size: 4KB

.zdata
Size: 4KB - Virtual size: 4KB

.zdata
Size: 4KB - Virtual size: 4KB

.ndata
Size: 4KB - Virtual size: 4KB

.ndata
Size: 4KB - Virtual size: 4KB

.text1
Size: 756KB - Virtual size: 768KB

.adata
Size: 52KB - Virtual size: 64KB

.data1
Size: 132KB - Virtual size: 256KB

.pdata
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 28KB - Virtual size: 352KB

.text
Size: - Virtual size: 1.8MB

.itext
Size: - Virtual size: 16KB

.data
Size: - Virtual size: 30KB

.bss
Size: - Virtual size: 28KB

.idata
Size: - Virtual size: 13KB

.tls
Size: - Virtual size: 64B

.rdata
Size: 4KB - Virtual size: 24B

.reloc
Size: - Virtual size: 845KB

.ixz
Size: - Virtual size: 4KB

.text1
Size: 756KB - Virtual size: 768KB

.adata
Size: 52KB - Virtual size: 64KB

.data1
Size: 132KB - Virtual size: 192KB

.reloc1
Size: 40KB - Virtual size: 64KB

.pdata
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 700KB - Virtual size: 700KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 20KB - Virtual size: 36KB

.rsrc
Size: 360KB - Virtual size: 357KB

.text
Size: 60KB - Virtual size: 56KB

.data
Size: - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 105KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 7KB - Virtual size: 7KB

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 104B

.rdata
Size: 512B - Virtual size: 236B

.eh_fram
Size: 1024B - Virtual size: 852B

.bss
Size: - Virtual size: 88B

.edata
Size: 512B - Virtual size: 76B

.idata
Size: 1024B - Virtual size: 856B

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1024B - Virtual size: 528B

.reloc
Size: 512B - Virtual size: 304B