7eefc9c671fcb7e553607d795f1a3341[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

7eefc9c671fcb7e553607d795f1a3341.bin
Size

2.4MB
MD5

7eefc9c671fcb7e553607d795f1a3341
SHA1

5e86bb42a50cfd7cde5f5dfe269d9e0b946a7d46
SHA256

108754d971d16dd689857b87ec80ce74e29599130ecb6f1db07d66b2b08602dc
SHA512

2f9c6c27e4c956d8a47cc34ea92016c56b8763b60346123f4c3deccd426d42a95be2d2fc4fda5f9f38ed0f2042215da0ed686f9fc0ba9a771336c0de0fb79f69
SSDEEP

49152:vGxdBh9iy09Z+xKTRO3yHXdJ76D50Cau0IGaRLP3j5nOGCGmfYehSTJEgwy:viti9Zxc2o0CxRDsGCGVEWnwy

Score

3^/10

Malware Config

Signatures

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Malware/CmdManager.exe
unpack001/Malware/Player.dll
unpack001/Malware/PlayerExe.exe
unpack001/Malware/Server.exe
unpack001/Malware/VncSharp.dll
unpack001/Malware/_plugins/hvnc.plug
unpack001/Malware/_plugins/hvnc64.plug
unpack001/Malware/_plugins/rdpwrap.dll
unpack001/Malware/_plugins/vnc.plug
unpack001/Malware/_plugins/vnc64.plug
unpack001/Malware/bot.dll
unpack001/Malware/bot.exe
unpack001/Malware/bot_x64.dll
unpack001/Malware/bot_x64.exe
unpack001/Malware/botcmd.exe
unpack001/Malware/builder.exe
unpack001/Malware/builder_gui.exe

Files

7eefc9c671fcb7e553607d795f1a3341.bin
.rar
Malware/CmdManager.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\server\CmdManager\obj\Debug\CmdManager.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware/CmdManager.xml
.xml
Malware/Player.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

o:\server\Player\obj\Debug\Player.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware/PlayerExe.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\server\PlayerExe\obj\Debug\PlayerExe.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware/Server.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\server\Server\obj\Debug\Server.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware/VncSharp.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

o:\server\VncSharp\obj\Debug\VncSharp.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware/_plugins/hvnc.plug
.dll windows:5 windows x86 arch:x86

26c4f65857697dd4c36aa779456309af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetMappedFileNameA
GetModuleFileNameExA
EnumProcessModules

shlwapi

StrRChrW
PathStripPathA
StrDupA
StrChrA
StrRChrA
PathRemoveArgsW
StrChrW
PathRemoveBlanksW
StrTrimW
StrCmpNIW
PathRemoveBlanksA
PathRemoveArgsA

ntdll

RtlEqualUnicodeString
NtQueryObject
NtQueryInformationFile
NtQuerySystemInformation
RtlUnwind
RtlCompareUnicodeString
RtlInitUnicodeString
NtResumeProcess
NtSuspendProcess
NtSetContextThread
NtGetContextThread
ZwQueryInformationProcess
RtlNtStatusToDosError
ZwClose
NtUnmapViewOfSection
NtMapViewOfSection
NtCreateSection
ZwQueryKey

ws2_32

closesocket
connect
ioctlsocket
recv
WSACleanup
WSAStartup
select
send
shutdown
socket
htonl
htons

crypt32

CryptMsgGetParam
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CryptDecodeObject

kernel32

FreeLibrary
GetProcAddress
GetVersion
LoadLibraryA
CreateEventA
GetModuleHandleA
VirtualProtect
GetCurrentProcess
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
lstrcmpA
lstrcpyA
lstrlenA
SetLastError
lstrcmpiW
lstrcpyW
lstrcatA
lstrcatW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LocalFree
lstrcmpiA
VirtualAlloc
VirtualFree
VirtualAllocEx
WaitForSingleObject
GetFileSize
ReadFile
SetFilePointer
GetModuleFileNameA
CreateFileA
GetCurrentThread
TerminateThread
GetTickCount
SleepEx
ReleaseMutex
SetUnhandledExceptionFilter
SetErrorMode
WaitForMultipleObjects
CreateMutexA
IsBadStringPtrA
IsProcessorFeaturePresent
VirtualQuery
IsDebuggerPresent
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
ExpandEnvironmentStringsW
GetVersionExA
SetEvent
GetCurrentThreadId
HeapFree
HeapReAlloc
HeapAlloc
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
OutputDebugStringW
LoadLibraryExW
LCMapStringW
GetStringTypeW
GetModuleFileNameW
GetStdHandle
GetModuleHandleExW
ExitProcess
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
DecodePointer
EncodePointer
VerLanguageNameW
GetLocaleInfoW
GetSystemTimeAsFileTime
GetProcessTimes
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
DeleteFileW
RemoveDirectoryW
HeapDestroy
HeapCreate
GetModuleHandleW
CloseHandle
Sleep
ResumeThread
SuspendThread
GetThreadContext
WriteProcessMemory
ReadProcessMemory
GetLastError
CreateThread
SwitchToThread
GetCurrentProcessId
OpenProcess
VirtualProtectEx
CreateDirectoryW
DuplicateHandle
InterlockedDecrement
SetFilePointerEx
SetEndOfFile
WriteFile
GetFileInformationByHandle
InterlockedIncrement
GetProcessId
MulDiv
LoadLibraryW
MapViewOfFile
TerminateProcess
GetSystemWindowsDirectoryA
SystemTimeToFileTime
GetSystemTime
GetTempPathW
GetLongPathNameW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
OpenFileMappingA
CreateFileMappingA
OpenThread
FindClose
lstrcmpW
OpenEventA
CreateFileW
FindFirstFileW
FindNextFileW
lstrcpynW
GetEnvironmentVariableW
UnmapViewOfFile

user32

WindowFromDC
IsWindow
GetWindowThreadProcessId
GetThreadDesktop
UnhookWindowsHookEx
SetWindowsHookExA
GetAncestor
GetWindowInfo
CallNextHookEx
GetClassNameA
FindWindowA
GetParent
SetClassLongA
GetClassLongA
SetWindowLongA
GetWindowLongA
FillRect
ScreenToClient
ClientToScreen
GetClientRect
RedrawWindow
MenuItemFromPoint
GetMenuItemRect
EndMenu
TrackPopupMenuEx
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetSystemMenu
GetMenuState
HiliteMenuItem
GetMenu
SetKeyboardState
SetLayeredWindowAttributes
PrintWindow
CallWindowProcA
DefWindowProcA
PostMessageA
SendMessageTimeoutA
SendMessageA
ActivateKeyboardLayout
GetDC
ReleaseDC
wsprintfA
wsprintfW
GetUserObjectInformationA
GetDoubleClickTime
SetWindowPos
GetSystemMetrics
GetMenuItemInfoA
GetMenuDefaultItem
GetWindowRect
MapWindowPoints
IsRectEmpty
GetWindow
SetThreadDesktop
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
DestroyWindow
ShowWindow
CreateDialogIndirectParamW
EndDialog
ExitWindowsEx
GetKeyState
CreatePopupMenu
DestroyMenu
AppendMenuA
AttachThreadInput
IsWindowVisible
IsIconic
BringWindowToTop
SetFocus
SetActiveWindow
SetForegroundWindow
WindowFromPoint
PtInRect
EnumChildWindows
GetLastActivePopup
GetGUIThreadInfo
RealChildWindowFromPoint
DrawEdge
GetWindowTextA
GetScrollBarInfo
CreateDesktopA
EnumDesktopWindows
CloseDesktop
RegisterWindowMessageA
GetDesktopWindow
IntersectRect
ToUnicodeEx
GetKeyboardLayoutList
GetKeyboardLayout
ToAscii
VkKeyScanA
VkKeyScanExA
VkKeyScanExW
MapVirtualKeyA
MapVirtualKeyExA
ChildWindowFromPointEx
SetWinEventHook
UnhookWinEvent
RegisterClassA
CreateWindowExA
MoveWindow
CharUpperBuffW
SetTimer
KillTimer
DrawTextW
BeginPaint
EndPaint
GetSysColor
SendNotifyMessageA
OpenClipboard
CloseClipboard
GetClipboardOwner
SetClipboardViewer
ChangeClipboardChain
SetClipboardData
GetClipboardData
EmptyClipboard
FindWindowExA

gdi32

CombineRgn
CreateBitmap
CreatePatternBrush
SetWindowOrgEx
SetDIBColorTable
CreateDIBSection
GetStockObject
GetDIBits
GetDeviceCaps
CreateFontA
ExtTextOutA
SetTextColor
SetBkMode
GetClipBox
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetViewportOrgEx
SelectClipRgn
GetViewportOrgEx
GetClipRgn
DeleteObject
CreateRectRgn
GetSystemPaletteEntries
GetRegionData
GdiFlush
DeleteDC
SetBkColor

advapi32

RegOpenKeyExW
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorA
OpenProcessToken
OpenThreadToken
RegCloseKey

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize

Exports

Exports

VncStartServer
VncStopServer

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware/_plugins/hvnc64.plug
.dll windows:5 windows x64 arch:x64

53c3747c698f79b2430bf1104db11cb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

psapi

GetMappedFileNameA
GetModuleFileNameExA
EnumProcessModules

shlwapi

PathRemoveArgsW
PathRemoveBlanksW
PathRemoveArgsA
PathRemoveBlanksA
StrChrW
StrCmpNIW
StrTrimW
StrDupA
StrRChrA
StrChrA
StrRChrW
PathStripPathA

ntdll

NtQuerySystemInformation
RtlUnwindEx
RtlCompareUnicodeString
RtlInitUnicodeString
NtResumeProcess
NtSuspendProcess
NtSetContextThread
NtGetContextThread
ZwQueryInformationProcess
RtlNtStatusToDosError
ZwClose
NtUnmapViewOfSection
NtMapViewOfSection
NtCreateSection
NtQueryInformationFile
NtQueryObject
RtlEqualUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
ZwQueryKey

ws2_32

WSAStartup
closesocket
connect
ioctlsocket
recv
select
send
shutdown
socket
htonl
htons
WSACleanup

crypt32

CryptDecodeObject
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose

kernel32

GetVersion
LoadLibraryA
GetCurrentProcessId
CreateEventA
GetModuleHandleA
VirtualProtect
GetCurrentProcess
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
lstrcmpA
lstrcpyA
lstrlenA
SetLastError
lstrcmpiW
lstrcpyW
lstrcatA
lstrcatW
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LocalFree
lstrcmpiA
VirtualAlloc
VirtualFree
VirtualAllocEx
GetProcAddress
WaitForSingleObject
GetFileSize
ReadFile
SetFilePointer
GetModuleFileNameA
CreateFileA
GetCurrentThread
TerminateThread
GetTickCount
SleepEx
ReleaseMutex
TerminateProcess
SetUnhandledExceptionFilter
SetErrorMode
WaitForMultipleObjects
CreateMutexA
IsBadStringPtrA
ExpandEnvironmentStringsW
GetVersionExA
OpenEventA
FreeLibrary
SetEvent
GetCurrentThreadId
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
HeapCreate
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
OutputDebugStringW
LoadLibraryExW
LCMapStringW
GetStringTypeW
GetModuleFileNameW
GetStdHandle
GetModuleHandleExW
ExitProcess
TlsSetValue
TlsGetValue
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
GetCPInfo
GetModuleHandleW
CloseHandle
Sleep
ResumeThread
SuspendThread
GetThreadContext
WriteProcessMemory
ReadProcessMemory
GetLastError
CreateThread
SwitchToThread
VirtualProtectEx
GlobalUnlock
GlobalFree
GetLongPathNameW
OpenProcess
GetOEMCP
GetACP
GlobalLock
IsValidCodePage
IsProcessorFeaturePresent
DecodePointer
EncodePointer
IsDebuggerPresent
VerLanguageNameW
GetLocaleInfoW
GetSystemTimeAsFileTime
GetProcessTimes
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
DuplicateHandle
SetFilePointerEx
SetEndOfFile
WriteFile
GetFileInformationByHandle
GetProcessId
MulDiv
GetSystemWindowsDirectoryA
SystemTimeToFileTime
GetSystemTime
OpenThread
FindClose
lstrcmpW
GlobalAlloc
CreateFileW
FindFirstFileW
FindNextFileW
lstrcpynW
GetEnvironmentVariableW
LoadLibraryW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetTempPathW

user32

EmptyClipboard
DefWindowProcA
GetClipboardData
PostMessageA
SendMessageTimeoutA
SendMessageA
ActivateKeyboardLayout
FindWindowExA
GetThreadDesktop
GetWindowThreadProcessId
WindowFromDC
IsIconic
UnhookWindowsHookEx
SetWindowsHookExA
GetAncestor
GetWindowInfo
CallNextHookEx
GetClassNameA
FindWindowA
GetParent
SetClassLongPtrA
GetClassLongPtrA
SetWindowLongPtrA
GetWindowLongPtrA
FillRect
ScreenToClient
ClientToScreen
GetClientRect
RedrawWindow
MenuItemFromPoint
GetMenuItemRect
EndMenu
TrackPopupMenuEx
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetSystemMenu
GetMenuState
HiliteMenuItem
GetMenu
SetKeyboardState
SetLayeredWindowAttributes
PrintWindow
CallWindowProcA
GetDC
ReleaseDC
wsprintfA
wsprintfW
GetUserObjectInformationA
GetDoubleClickTime
SetWindowPos
GetSystemMetrics
GetMenuItemInfoA
GetMenuDefaultItem
GetWindowRect
MapWindowPoints
IsRectEmpty
GetWindow
SetThreadDesktop
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
DestroyWindow
ShowWindow
CreateDialogIndirectParamW
EndDialog
ExitWindowsEx
GetKeyState
CreatePopupMenu
DestroyMenu
AppendMenuA
AttachThreadInput
IsWindowVisible
SetClipboardData
BringWindowToTop
SetFocus
SetActiveWindow
SetForegroundWindow
WindowFromPoint
PtInRect
EnumChildWindows
GetLastActivePopup
GetGUIThreadInfo
RealChildWindowFromPoint
DrawEdge
GetWindowTextA
GetScrollBarInfo
CreateDesktopA
EnumDesktopWindows
CloseDesktop
RegisterWindowMessageA
GetDesktopWindow
GetWindowLongA
SetWindowLongA
IntersectRect
ToUnicodeEx
GetKeyboardLayoutList
GetKeyboardLayout
ToAscii
VkKeyScanA
VkKeyScanExA
VkKeyScanExW
MapVirtualKeyA
MapVirtualKeyExA
ChildWindowFromPointEx
SetWinEventHook
UnhookWinEvent
RegisterClassA
CreateWindowExA
MoveWindow
CharUpperBuffW
SetTimer
KillTimer
DrawTextW
BeginPaint
EndPaint
GetSysColor
SendNotifyMessageA
OpenClipboard
CloseClipboard
GetClipboardOwner
SetClipboardViewer
ChangeClipboardChain
IsWindow

gdi32

GetStockObject
CreateDIBSection
SetDIBColorTable
CreateFontA
GetClipBox
SetBkColor
SetBkMode
SetTextColor
SetWindowOrgEx
ExtTextOutA
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetViewportOrgEx
SelectClipRgn
GetViewportOrgEx
GetClipRgn
DeleteObject
CreateRectRgn
GetSystemPaletteEntries
GetRegionData
GdiFlush
DeleteDC
GetDeviceCaps
CombineRgn
CreateBitmap
CreatePatternBrush
GetDIBits

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
RegQueryValueExW
RegOpenKeyExW
OpenThreadToken
OpenProcessToken
RegCloseKey

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize

Exports

Exports

VncStartServer
VncStopServer

Sections

.text
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware/_plugins/rdpwrap.dll
.dll windows:5 windows x86 arch:x86

c94b75338d87dc2ca071fab086a3766a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapFree
MultiByteToWideChar
GetTickCount
CloseHandle
Sleep
WaitForSingleObject
HeapCreate
CreateProcessA
OpenProcess
GetTempPathA
CreateFileA
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
HeapAlloc
GetFileSize
ReadFile
SetFileAttributesA
WriteFile
GetTempFileNameA
GetLastError
CreateToolhelp32Snapshot
Process32First
Process32Next
ExitProcess
TerminateProcess
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
VirtualAllocEx
WriteProcessMemory
Thread32First
Thread32Next
HeapDestroy
IsWow64Process
MoveFileExA
GetExitCodeProcess
GetCurrentProcess

ntdll

RtlAdjustPrivilege

shlwapi

PathFindFileNameA
PathFindExtensionA

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA
WTSEnumerateSessionsA
WTSQueryUserToken

user32

GetWindowThreadProcessId
FindWindowA
wvsprintfA

advapi32

CreateProcessAsUserA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
LookupAccountSidA
GetTokenInformation
StartServiceA
QueryServiceStatusEx
OpenServiceA
OpenSCManagerA
ControlService
CloseServiceHandle
ChangeServiceConfigA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
DuplicateTokenEx

shell32

SHCreateDirectoryExA
SHGetFolderPathA
ShellExecuteExA

Exports

Exports

install
uninstall

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware/_plugins/vnc.plug
.dll windows:5 windows x86 arch:x86

5c2ce08f08a5087e6c543acd43b55a8a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

ws2_32

connect
shutdown
send
WSADuplicateSocketA
WSAStartup
htonl
WSAGetLastError
WSAEventSelect
WSACleanup
bind
socket
WSACreateEvent
closesocket
listen
accept
htons

user32

WaitForInputIdle

kernel32

FlushFileBuffers
LCMapStringW
HeapSize
GetStringTypeW
WriteConsoleW
SetStdHandle
HeapReAlloc
RtlUnwind
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
CreateRemoteThread
VirtualAllocEx
WriteProcessMemory
PeekNamedPipe
ConnectNamedPipe
GetTickCount
Sleep
ReadFile
DisconnectNamedPipe
GetLastError
CreateNamedPipeA
CloseHandle
FindResourceA
LoadResource
GetCurrentProcess
WaitForSingleObject
TerminateThread
SizeofResource
SetLastError
LockResource
WaitForMultipleObjects
CreateMutexA
DuplicateHandle
ReleaseMutex
GetCurrentProcessId
CreateThread
FreeLibrary
OpenProcess
Thread32First
Thread32Next
GetProcAddress
VirtualAlloc
LoadLibraryA
OpenThread
CreateToolhelp32Snapshot
SuspendThread
ResumeThread
ExitProcess
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetProcessHeap
InterlockedDecrement
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
InterlockedIncrement
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
CreateFileW

Exports

Exports

Init
VncStartServer
VncStopServer
_ReflectiveLoader@0

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware/_plugins/vnc64.plug
.dll windows:5 windows x64 arch:x64

b9dbac19a93eb64836de38e45990b88c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

RtlEqualUnicodeString
NtQueryInformationFile
NtQuerySystemInformation
_wcsnicmp
_strnicmp
NtGetContextThread
ZwQueryInformationProcess
NtResumeProcess
NtSetContextThread
NtSuspendProcess
ZwQueryInformationToken
ZwOpenProcess
ZwOpenProcessToken
NtCreateSection
ZwClose
RtlNtStatusToDosError
NtUnmapViewOfSection
NtMapViewOfSection
memcpy
RtlCompareUnicodeString
RtlInitUnicodeString
memcmp
memset
_strupr
NtQueryObject
ZwQueryKey
__C_specific_handler
__chkstk

kernel32

VirtualFree
GetLocaleInfoW
GetProcessTimes
GetSystemTimeAsFileTime
GetFileInformationByHandle
DeleteFileW
DuplicateHandle
CreateToolhelp32Snapshot
HeapReAlloc
HeapAlloc
HeapFree
SetEvent
HeapDestroy
HeapCreate
GetCurrentThreadId
lstrlenA
lstrcpyA
lstrcatA
GetLastError
CreateMutexA
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
SetLastError
lstrcmpiW
lstrcatW
lstrcpyW
LocalFree
GetCurrentProcess
GetTickCount
GetCurrentThread
TerminateThread
LoadLibraryA
WaitForSingleObject
lstrcmpiA
ReleaseMutex
SetErrorMode
SetUnhandledExceptionFilter
OpenProcess
Sleep
TerminateProcess
GetProcAddress
WaitForMultipleObjects
GetModuleHandleA
CloseHandle
GetCurrentProcessId
CreateThread
InitializeCriticalSection
LeaveCriticalSection
IsBadStringPtrA
EnterCriticalSection
DeleteCriticalSection
GetVersion
RaiseException
FreeLibrary
LoadLibraryExA
GetThreadContext
ReadProcessMemory
VirtualProtectEx
WriteProcessMemory
SuspendThread
ResumeThread
SwitchToThread
LocalAlloc
lstrcpynA
CreateEventA
lstrcmpA
VirtualProtect
CreateFileA
GetFileSize
SetFilePointer
Process32NextW
ReadFile
VirtualAlloc
VirtualAllocEx
GetModuleFileNameA
ExpandEnvironmentStringsW
GetVersionExA
RemoveDirectoryW
GetProcessId
Process32FirstW
WriteFile
CreateDirectoryW
SetFilePointerEx
SetEndOfFile
MulDiv
GetSystemTime
SystemTimeToFileTime
GetSystemWindowsDirectoryA
GlobalFree
GetLongPathNameW
GetTempPathW
GlobalUnlock
GlobalAlloc
GlobalLock
OpenFileMappingA
CreateFileMappingA
OpenThread
lstrcmpW
OpenEventA
FindFirstFileW
CreateFileW
FindClose
FindNextFileW
GetEnvironmentVariableW
lstrcpynW
GetModuleHandleW
LoadLibraryW
MapViewOfFile
UnmapViewOfFile
VerLanguageNameW

Exports

Exports

PluginRegisterCallbacks
VncStartServer
VncStopServer

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware/bot.dll
.dll windows:5 windows x86 arch:x86

5be76b875f0b372970034f8b7ff1499d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Exports

Exports

?ReflectiveLoader@@YGKPAX@Z

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware/bot.exe
.exe windows:5 windows x86 arch:x86

b3659771bb5ac9f6ed1ee9aa25a3f19d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware/bot_cmd.txt
Malware/bot_x64.dll
.dll windows:5 windows x64 arch:x64

5be76b875f0b372970034f8b7ff1499d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Exports

Exports

?ReflectiveLoader@@YA_KPEAX@Z

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware/bot_x64.exe
.exe windows:5 windows x64 arch:x64

b3659771bb5ac9f6ed1ee9aa25a3f19d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OutputDebugStringA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware/botcmd.exe
.exe windows:5 windows x86 arch:x86

2f7c362cde465254a58ac91a58626c85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

CommandLineToArgvW

ntdll

memset

kernel32

FreeEnvironmentStringsW
ReadConsoleW
ReadFile
CreateFileW
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
HeapFree
Sleep
EncodePointer
DecodePointer
InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
FlushFileBuffers
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
IsDebuggerPresent
IsProcessorFeaturePresent
SetLastError
InterlockedIncrement
GetCurrentThreadId
GetStdHandle
GetModuleFileNameW
GetProcessHeap
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapAlloc
HeapReAlloc
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
SetFilePointerEx
WriteConsoleW
RtlUnwind
GetStringTypeW
OutputDebugStringW
LoadLibraryW
CloseHandle
HeapSize
LCMapStringW

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware/builder.exe
.exe windows:5 windows x86 arch:x86

1c6f9d43f4ea4c4ef44026a73bc26f9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
ReadConsoleW
ReadFile
SetEndOfFile
GetCommandLineA
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetLastError
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
CloseHandle
HeapFree
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
WriteFile
GetModuleFileNameW
GetProcessHeap
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapAlloc
LoadLibraryExW
OutputDebugStringW
LoadLibraryW
HeapReAlloc
GetStringTypeW
SetFilePointerEx
CreateFileW
WriteConsoleW
HeapSize
LCMapStringW

advapi32

CryptReleaseContext
CryptExportKey
CryptAcquireContextA
CryptGenKey
CryptDestroyKey

ntdll

strcat
sqrt

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware/builder_gui.config
Malware/builder_gui.exe
.exe windows:5 windows x86 arch:x86

494da06fa5dd6c1972ae28fbe09ec613

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\botep\bin\Release\builder_gui.pdb

Imports

kernel32

FreeEnvironmentStringsW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
OutputDebugStringW
IsValidCodePage
LCMapStringW
WriteConsoleW
CreateFileW
SetEnvironmentVariableA
GetStdHandle
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
HeapQueryInformation
HeapSize
ExitThread
CreateThread
HeapReAlloc
RaiseException
WideCharToMultiByte
VirtualQuery
VirtualAlloc
GetSystemInfo
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetEnvironmentStringsW
HeapAlloc
HeapFree
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
FindResourceExW
GetWindowsDirectoryA
SearchPathA
GetProfileIntA
GetTickCount
Sleep
VirtualProtect
GetTempFileNameA
GetTempPathA
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
FileTimeToSystemTime
GetACP
GetFileAttributesA
VerifyVersionInfoA
lstrcpyA
VerSetConditionMask
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
QueryPerformanceCounter
GetProcessHeap
RtlUnwind
GetStringTypeW
CompareStringW
GetCurrentDirectoryA
InterlockedIncrement
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetVolumeInformationA
lstrcmpiA
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
DeleteFileA
CreateFileA
InterlockedDecrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetSystemDirectoryW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DecodePointer
EncodePointer
GlobalAddAtomA
ResumeThread
SetThreadPriority
CopyFileA
FormatMessageA
MulDiv
LocalFree
GlobalSize
GetCurrentProcessId
FindResourceA
GlobalFree
GlobalUnlock
FreeResource
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
LoadLibraryW
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetVersion
SetLastError
GetLastError
OutputDebugStringA
GetFileAttributesW
CompareStringA
MultiByteToWideChar
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryExW
FreeLibrary
GetVersionExA
GetCurrentThreadId
GetCurrentThread
InterlockedExchange
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ReadFile
CloseHandle
CreateProcessA
SetHandleInformation
CreatePipe
GetModuleFileNameA
FindResourceW
LoadResource
LockResource
SizeofResource

user32

CopyAcceleratorTableA
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
GetKeyboardLayout
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
UnregisterClassA
UpdateLayeredWindow
GetUpdateRect
SetClassLongA
DestroyAcceleratorTable
ModifyMenuA
IsMenu
SetMenuDefaultItem
GetMenuDefaultItem
GetMenuItemInfoA
CopyIcon
GetIconInfo
GetDoubleClickTime
EnableScrollBar
DestroyMenu
LockWindowUpdate
CreatePopupMenu
BringWindowToTop
UnionRect
SetRect
SetCursorPos
NotifyWinEvent
MessageBeep
GetSystemMenu
LoadMenuW
GetAsyncKeyState
IsZoomed
TrackMouseEvent
LoadImageW
LoadImageA
DestroyIcon
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
MonitorFromPoint
SetParent
EnumDisplayMonitors
SetRectEmpty
SetLayeredWindowAttributes
IntersectRect
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
SystemParametersInfoA
CopyImage
LoadCursorW
LoadCursorA
WindowFromPoint
ReleaseCapture
WaitMessage
CharUpperA
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
GetScrollInfo
SetScrollInfo
LoadIconA
GetWindow
GetTopWindow
GetClassLongA
SetWindowLongA
EqualRect
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
GetClassNameA
InvalidateRect
UpdateWindow
SetCursor
ShowOwnedPopups
ValidateRect
GetKeyState
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
PtInRect
GetCursorPos
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
RemoveMenu
AppendMenuA
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
GetLastActivePopup
GetWindowRgn
DestroyCursor
CreateMenu
InvertRect
HideCaret
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
MapVirtualKeyExA
GetWindowThreadProcessId
CopyRect
ReleaseDC
IsCharLowerA
GetNextDlgGroupItem
PostThreadMessageA
IsClipboardFormatAvailable
FrameRect
CharUpperBuffA
RegisterClipboardFormatA
MapDialogRect
WinHelpA
SubtractRect
GetDC
MapVirtualKeyA
GetKeyNameTextA
GetDesktopWindow
GetWindowLongA
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamA
DestroyWindow
IsWindow
DrawIconEx
GetParent
IsRectEmpty
OffsetRect
InflateRect
FillRect
DrawFocusRect
GetSysColorBrush
GetSysColor
MapWindowPoints
GetWindowRect
RedrawWindow
SetWindowRgn
DrawStateA
GetFocus
IsWindowVisible
DrawFrameControl
DrawEdge
RegisterWindowMessageA
PostQuitMessage
PostMessageA
MessageBoxA
wvsprintfA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SendMessageA
LoadIconW
EnableWindow
SetCapture

gdi32

GetObjectA
MoveToEx
TextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectA
SetRectRgn
DPtoLP
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
Rectangle
GetRgnBox
OffsetRgn
RoundRect
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
SetPixelV
GetTextFaceA
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
SelectPalette
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
CreatePalette
CreateSolidBrush
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreatePatternBrush
CreatePen
CreateCompatibleDC
CreateBitmap
BitBlt
GetDeviceCaps
CreateDCA
CopyMetaFileA
GetTextMetricsA
Polyline
Polygon
CreatePolygonRgn
ExtTextOutA
PatBlt
GetTextExtentPoint32A
GetTextColor
GetBkColor
Ellipse
CreateRectRgnIndirect
CreateRectRgn
CreateHatchBrush
CreateEllipticRgn
CombineRgn
DeleteObject
SetBkColor

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegEnumKeyA
RegOpenKeyExA
RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetDesktopFolder
SHGetFileInfoA
SHAppBarMessage
SHGetMalloc
DragFinish
DragQueryFileA

comctl32

ord17
InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFindFileNameA
PathRenameExtensionA
PathFileExistsA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA

uxtheme

GetThemeColor
GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
DrawThemeParentBackground
GetCurrentThemeName
IsAppThemed
DrawThemeText

ole32

OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor

oleaut32

SysAllocStringLen
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysFreeString

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDrawImageRectI

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware/config_server.xml
.xml
Malware/example.config

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 136KB - Virtual size: 136KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 71KB - Virtual size: 70KB

.rsrc Size: 1024B - Virtual size: 832B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 147KB - Virtual size: 147KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 134KB - Virtual size: 133KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 12B

26c4f65857697dd4c36aa779456309af

Headers

DLL Characteristics

File Characteristics

Imports

psapi

shlwapi

ntdll

ws2_32

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 166KB - Virtual size: 166KB

.text
Size: 136KB - Virtual size: 136KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 71KB - Virtual size: 70KB

.rsrc
Size: 1024B - Virtual size: 832B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 147KB - Virtual size: 147KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 134KB - Virtual size: 133KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 166KB - Virtual size: 166KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 18KB - Virtual size: 27KB

.reloc
Size: 11KB - Virtual size: 10KB

.text
Size: 189KB - Virtual size: 188KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 27KB - Virtual size: 38KB

.pdata
Size: 8KB - Virtual size: 7KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 220KB - Virtual size: 220KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 308KB - Virtual size: 307KB

.reloc
Size: 10KB - Virtual size: 10KB