e204db1e2d43677f71707be9e06c8383

Sharing

Copy URL

Twitter E-mail

General

Target

e204db1e2d43677f71707be9e06c8383
Size

716KB
MD5

e204db1e2d43677f71707be9e06c8383
SHA1

8aad3d50972fe464b6a5464f3051152f5420080d
SHA256

a0ce70b53ce4acac01772a7a237a8f30ba0b000aa4995e3e761c0a9f17a502d5
SHA512

d71cf3e117ac52125a92a376cad93606a42b9fa9172c2b59dd00fb521a000706d71e46b2a5deb9fdcc1cfa043424fd66ab1baf75c94d3c3d69b32f7d77e9bb2f
SSDEEP

12288:tcZ5pJi90g/rYKK7vciWHiYlBJ/OaimjGKJ/FBVeuwAOOJ7HgMXxXBBOB3oPj7:SZ3Ji9frYKwvciSflBJ/O9ZuXV/wAHJV

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PPVod/PPVod.exe
unpack001/PPVod/QvodInster.dll
unpack001/PPVod/QvodTerminal.exe
unpack001/PPVod/Temp/upd18.tmp
unpack001/PPVod/Temp/upd1A.tmp

Files

e204db1e2d43677f71707be9e06c8383
.rar
PPVod/!)卸载.BAT
PPVod/!)绿化.BAT
PPVod/PPVod.exe
.exe windows:4 windows x86 arch:x86

4e33de3a1278d394facc501cb3329ae7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringA
LocalFree
GetOEMCP
GetACP
GetCPInfo
ReadFile
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
SetUnhandledExceptionFilter
FlushFileBuffers
WriteFile
HeapSize
GetCurrentProcess
TerminateProcess
HeapReAlloc
HeapAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapFree
RaiseException
RtlUnwind
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
CreateDirectoryA
GetTempFileNameA
GetShortPathNameA
OpenFile
GetWindowsDirectoryA
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
GetVersion
OpenMutexA
CreateMutexA
GetTempPathA
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
lstrlenA
RemoveDirectoryA
GetModuleFileNameA
GetTickCount
Sleep
DeleteFileA
GetFileAttributesA
LoadLibraryA
GetProcAddress
FreeLibrary
GetSystemDirectoryA
GetDiskFreeSpaceExA
GetCurrentThreadId
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalUnlock
CreateThread
WaitForSingleObject
EnterCriticalSection
SetEvent
LeaveCriticalSection
CloseHandle
CreateEventA
FindFirstFileA
WritePrivateProfileStringA
FindNextFileA
FindClose
lstrcpyA
GetVersionExA
GetLastError
GetPrivateProfileStringA
LCMapStringA
SetEnvironmentVariableA

user32

SetDlgItemTextA
EndDialog
GetDlgItemTextA
GetDlgItem
IsDlgButtonChecked
SetWindowRgn
IsZoomed
GetSystemMetrics
PostQuitMessage
CheckRadioButton
SetFocus
GetScrollInfo
GetScrollRange
GetScrollPos
SetTimer
SetCapture
ReleaseCapture
FillRect
KillTimer
LoadImageA
IsWindow
GetWindowRect
GetDlgCtrlID
LoadAcceleratorsA
RegisterClassExA
LoadCursorA
LoadIconA
GetClassInfoExA
IsWindowEnabled
SetCursor
DrawStateA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
SetForegroundWindow
IsIconic
DialogBoxParamA
CheckMenuItem
GetSystemMenu
InsertMenuA
RegisterWindowMessageA
IsMenu
GetMenuItemInfoA
SetMenuItemInfoA
SetRectEmpty
IntersectRect
GetKeyState
SetWindowsHookExA
UnhookWindowsHookEx
WindowFromPoint
CallNextHookEx
DefWindowProcA
GetWindowLongA
SetWindowLongA
CreateWindowExA
DestroyWindow
CreatePopupMenu
AppendMenuA
CreateMenu
GetMenuState
ModifyMenuA
FindWindowA
GetDesktopWindow
PtInRect
SystemParametersInfoA
LoadMenuA
GetMenuItemCount
GetMenuStringA
GetMenuItemID
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetSubMenu
GetCursorPos
TrackPopupMenu
DestroyMenu
GetDC
EnableWindow
MoveWindow
CopyRect
SetWindowTextA
GetWindowDC
OffsetRect
GetFocus
ReleaseDC
InvalidateRect
BeginPaint
GetClientRect
DrawTextA
EndPaint
CallWindowProcA
GetParent
wsprintfA
MessageBoxA
ClientToScreen
ScreenToClient
ShowWindow
UpdateWindow
PostMessageA
SendMessageA
SetWindowPos

gdi32

Rectangle
SetROP2
CreateSolidBrush
GetClipBox
GetTextExtentPoint32A
CreateFontIndirectA
ExtTextOutA
StretchBlt
SetTextColor
CreatePen
MoveToEx
LineTo
SetBkMode
GetStockObject
GetObjectA
SetBkColor
CombineRgn
CreateRectRgn
GetPixel
DeleteDC
BitBlt
CreateCompatibleBitmap
SelectObject
DeleteObject
CreateCompatibleDC

comctl32

ImageList_GetImageCount
_TrackMouseEvent
ImageList_Draw
ImageList_Create
ImageList_AddMasked
ImageList_Destroy
InitializeFlatSB
InitCommonControlsEx
FlatSB_EnableScrollBar

shell32

DragFinish
Shell_NotifyIconA
DragAcceptFiles
SHFileOperationA
ShellExecuteA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileA

comdlg32

GetOpenFileNameA

ws2_32

send
socket
ntohl
closesocket
connect
WSAStartup
WSACleanup
inet_ntoa
ntohs
htonl
htons
recv
inet_addr
setsockopt

advapi32

StartServiceA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
DeleteService
ControlService
OpenSCManagerA
OpenServiceA
CreateServiceA
RegCloseKey
QueryServiceStatus
CloseServiceHandle
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

ole32

CoInitializeSecurity
CoInitialize
StringFromCLSID
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantInit
VariantClear
GetErrorInfo

atl

ord39
ord42
ord47

Sections

.text
Size: 256KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PPVod/Qvod.cfg
PPVod/QvodInster.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d63b9079665814b2265fabafa6fb4719

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CompareStringW
CompareStringA
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
SetEndOfFile
GetStartupInfoA
GetStdHandle
SetHandleCount
SetStdHandle
SetEnvironmentVariableA
ReadFile
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
HeapSize
TerminateProcess
ExitProcess
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
RaiseException
GetVersion
GetCommandLineA
CreateFileA
GetFileType
CloseHandle
HeapAlloc
HeapReAlloc
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapFree
RtlUnwind
LocalFree
lstrcatA
lstrcpyA
InitializeCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
HeapDestroy
lstrcmpiA
IsDBCSLeadByte
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
lstrcpynA
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcmpA
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
lstrlenW
FindFirstFileA
FindNextFileA
InterlockedIncrement
Sleep
GetPrivateProfileStringA
GetLastError
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenA
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
SetFilePointer

user32

ScreenToClient
InvalidateRect
IsWindow
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
DefWindowProcA
ReleaseDC
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
IsChild
GetFocus
GetDC
GetParent
KillTimer
SystemParametersInfoA
SetFocus
FindWindowExA
SetTimer
EnumChildWindows
MessageBoxA
BeginPaint
EndPaint
GetWindowRect
GetClientRect
MoveWindow
PostMessageA
CallWindowProcA
CopyRect
DestroyWindow
ShowWindow
GetWindowLongA
LoadImageA
CreateWindowExA
SetWindowLongA
GetWindow
CharNextA
DrawTextA
IsWindowEnabled
GetDlgCtrlID
GetDlgItem
InvalidateRgn
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetDesktopWindow
RedrawWindow
FillRect
GetSysColor
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
UnionRect
PtInRect
GetKeyState
wsprintfA
GetClassNameA
SetWindowPos
EnableWindow
SendMessageA

gdi32

CreateSolidBrush
GetDeviceCaps
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
ExtTextOutA
SetBkColor
GetTextExtentPoint32A
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
StretchBlt
DeleteDC
SetTextColor
SetBkMode
GetStockObject
GetObjectA
DeleteObject
CreateFontIndirectA

comctl32

ImageList_Draw
_TrackMouseEvent
ImageList_Create
ImageList_AddMasked
ImageList_Destroy

winmm

mixerOpen
mixerGetNumDevs
mixerGetLineControlsA
mixerGetLineInfoA
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetDevCapsA

ws2_32

closesocket
connect
setsockopt
send
recv
ntohl
socket
htons
htonl

olepro32

ord250
ord253

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA

ole32

OleInitialize
OleUninitialize
CoInitializeEx
CoUninitialize
StringFromCLSID
OleLoadFromStream
WriteClassStm
OleSaveToStream
CoTaskMemFree
OleRegEnumVerbs
OleRegGetUserType
CreateOleAdviseHolder
OleRegGetMiscStatus
CoTaskMemAlloc
CreateDataAdviseHolder
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleLockRunning
CoTaskMemRealloc
CreateStreamOnHGlobal

oleaut32

GetErrorInfo
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
SysAllocStringLen
VariantChangeType
DispCallFunc
LoadRegTypeLi
SysStringLen
VariantInit
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PPVod/QvodTerminal.exe
.exe windows:4 windows x86 arch:x86

6c72716c679cc5848e7f557abb3bf7c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACloseEvent
ntohl
WSAGetLastError
send
WSAEventSelect
WSAStartup
gethostname
ioctlsocket
select
__WSAFDIsSet
gethostbyname
recvfrom
ntohs
sendto
connect
inet_ntoa
inet_addr
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
recv
accept
setsockopt
socket
htonl
htons
bind
listen
WSACreateEvent
closesocket

advapi32

ControlService
OpenServiceA
StartServiceA
QueryServiceStatus
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2A
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
DeleteService

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysStringLen
SysAllocString
SysFreeString

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
LoadLibraryA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
InterlockedExchange
IsBadReadPtr
GetVersionExA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
GetModuleHandleA
GetProcAddress
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapAlloc
GetStartupInfoA
GetStdHandle
SetHandleCount
SetEndOfFile
SetStdHandle
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
CreateEventA
CloseHandle
SetEvent
GetTickCount
WaitForSingleObject
GetDiskFreeSpaceExA
GetSystemDirectoryA
GetTempPathA
GetSystemTime
InterlockedIncrement
Sleep
InterlockedDecrement
CopyFileA
GetModuleFileNameA
QueryPerformanceCounter
LocalFree
LocalAlloc
GetLocalTime
WideCharToMultiByte
FindClose
FindNextFileA
FindFirstFileA
CreateProcessA
RtlUnwind
GetFileType
GetLastError
CreateFileA
CreateDirectoryA
MoveFileA
DeleteFileA
FlushFileBuffers
WriteFile
SetFilePointer
ReadFile
GetTimeZoneInformation
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetSystemTimeAsFileTime
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
HeapFree
GetCurrentThreadId
TlsAlloc
SetLastError

Sections

.text
Size: 308KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PPVod/Skin/Default/add.bmp
PPVod/Skin/Default/bottom.bmp
PPVod/Skin/Default/bottomback.bmp
PPVod/Skin/Default/caption.bmp
PPVod/Skin/Default/close.bmp
PPVod/Skin/Default/del.bmp
PPVod/Skin/Default/full.bmp
PPVod/Skin/Default/header.bmp
PPVod/Skin/Default/left.bmp
PPVod/Skin/Default/liststate.bmp
PPVod/Skin/Default/max.bmp
PPVod/Skin/Default/max_re.bmp
PPVod/Skin/Default/menu.bmp
PPVod/Skin/Default/min.bmp
PPVod/Skin/Default/mute.bmp
PPVod/Skin/Default/next.bmp
PPVod/Skin/Default/nomute.bmp
PPVod/Skin/Default/pause.bmp
PPVod/Skin/Default/play.bmp
PPVod/Skin/Default/player.bmp
PPVod/Skin/Default/playerfill.bmp
PPVod/Skin/Default/prev.bmp
PPVod/Skin/Default/progress_fill.bmp
PPVod/Skin/Default/progress_mask.bmp
PPVod/Skin/Default/progress_thumb.bmp
PPVod/Skin/Default/right.bmp
PPVod/Skin/Default/select.bmp
PPVod/Skin/Default/selectlist.bmp
PPVod/Skin/Default/skin.ini
PPVod/Skin/Default/split.bmp
PPVod/Skin/Default/split_bottom.bmp
PPVod/Skin/Default/stop.bmp
PPVod/Skin/Default/tabback.bmp
PPVod/Skin/Default/tabselect.bmp
PPVod/Skin/Default/toolbar.bmp
PPVod/Skin/Default/top.bmp
PPVod/Skin/Default/treestate.bmp
PPVod/Skin/Default/volume_fill.bmp
PPVod/Skin/Default/volume_mask.bmp
PPVod/Skin/Default/volume_thumb.bmp
PPVod/Skin/Default/vscrolldownarrow.bmp
PPVod/Skin/Default/vscrollspan.bmp
PPVod/Skin/Default/vscrollthumb.bmp
PPVod/Skin/Default/vscrolluparrow.bmp
PPVod/Skin/Default/webback.bmp
PPVod/Skin/Default/webmain.bmp
PPVod/Skin/Default/webnext.bmp
PPVod/Skin/Default/webre.bmp
PPVod/Skin/Default/webstop.bmp
PPVod/Temp/upd18.tmp
.exe windows:4 windows x86 arch:x86

4e33de3a1278d394facc501cb3329ae7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringA
LocalFree
GetOEMCP
GetACP
GetCPInfo
ReadFile
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
SetUnhandledExceptionFilter
FlushFileBuffers
WriteFile
HeapSize
GetCurrentProcess
TerminateProcess
HeapReAlloc
HeapAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapFree
RaiseException
RtlUnwind
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
CreateDirectoryA
GetTempFileNameA
GetShortPathNameA
OpenFile
GetWindowsDirectoryA
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
GetVersion
OpenMutexA
CreateMutexA
GetTempPathA
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
lstrlenA
RemoveDirectoryA
GetModuleFileNameA
GetTickCount
Sleep
DeleteFileA
GetFileAttributesA
LoadLibraryA
GetProcAddress
FreeLibrary
GetSystemDirectoryA
GetDiskFreeSpaceExA
GetCurrentThreadId
InterlockedDecrement
GlobalAlloc
GlobalLock
GlobalUnlock
CreateThread
WaitForSingleObject
EnterCriticalSection
SetEvent
LeaveCriticalSection
CloseHandle
CreateEventA
FindFirstFileA
WritePrivateProfileStringA
FindNextFileA
FindClose
lstrcpyA
GetVersionExA
GetLastError
GetPrivateProfileStringA
LCMapStringA
SetEnvironmentVariableA

user32

SetDlgItemTextA
EndDialog
GetDlgItemTextA
GetDlgItem
IsDlgButtonChecked
SetWindowRgn
IsZoomed
GetSystemMetrics
PostQuitMessage
CheckRadioButton
SetFocus
GetScrollInfo
GetScrollRange
GetScrollPos
SetTimer
SetCapture
ReleaseCapture
FillRect
KillTimer
LoadImageA
IsWindow
GetWindowRect
GetDlgCtrlID
LoadAcceleratorsA
RegisterClassExA
LoadCursorA
LoadIconA
GetClassInfoExA
IsWindowEnabled
SetCursor
DrawStateA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
SetForegroundWindow
IsIconic
DialogBoxParamA
CheckMenuItem
GetSystemMenu
InsertMenuA
RegisterWindowMessageA
IsMenu
GetMenuItemInfoA
SetMenuItemInfoA
SetRectEmpty
IntersectRect
GetKeyState
SetWindowsHookExA
UnhookWindowsHookEx
WindowFromPoint
CallNextHookEx
DefWindowProcA
GetWindowLongA
SetWindowLongA
CreateWindowExA
DestroyWindow
CreatePopupMenu
AppendMenuA
CreateMenu
GetMenuState
ModifyMenuA
FindWindowA
GetDesktopWindow
PtInRect
SystemParametersInfoA
LoadMenuA
GetMenuItemCount
GetMenuStringA
GetMenuItemID
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetSubMenu
GetCursorPos
TrackPopupMenu
DestroyMenu
GetDC
EnableWindow
MoveWindow
CopyRect
SetWindowTextA
GetWindowDC
OffsetRect
GetFocus
ReleaseDC
InvalidateRect
BeginPaint
GetClientRect
DrawTextA
EndPaint
CallWindowProcA
GetParent
wsprintfA
MessageBoxA
ClientToScreen
ScreenToClient
ShowWindow
UpdateWindow
PostMessageA
SendMessageA
SetWindowPos

gdi32

Rectangle
SetROP2
CreateSolidBrush
GetClipBox
GetTextExtentPoint32A
CreateFontIndirectA
ExtTextOutA
StretchBlt
SetTextColor
CreatePen
MoveToEx
LineTo
SetBkMode
GetStockObject
GetObjectA
SetBkColor
CombineRgn
CreateRectRgn
GetPixel
DeleteDC
BitBlt
CreateCompatibleBitmap
SelectObject
DeleteObject
CreateCompatibleDC

comctl32

ImageList_GetImageCount
_TrackMouseEvent
ImageList_Draw
ImageList_Create
ImageList_AddMasked
ImageList_Destroy
InitializeFlatSB
InitCommonControlsEx
FlatSB_EnableScrollBar

shell32

DragFinish
Shell_NotifyIconA
DragAcceptFiles
SHFileOperationA
ShellExecuteA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileA

comdlg32

GetOpenFileNameA

ws2_32

send
socket
ntohl
closesocket
connect
WSAStartup
WSACleanup
inet_ntoa
ntohs
htonl
htons
recv
inet_addr
setsockopt

advapi32

StartServiceA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
DeleteService
ControlService
OpenSCManagerA
OpenServiceA
CreateServiceA
RegCloseKey
QueryServiceStatus
CloseServiceHandle
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

ole32

CoInitializeSecurity
CoInitialize
StringFromCLSID
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysFreeString
VariantInit
VariantClear
GetErrorInfo

atl

ord39
ord42
ord47

Sections

.text
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PPVod/Temp/upd1A.tmp
.exe windows:4 windows x86 arch:x86

6c72716c679cc5848e7f557abb3bf7c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACloseEvent
ntohl
WSAGetLastError
send
WSAEventSelect
WSAStartup
gethostname
ioctlsocket
select
__WSAFDIsSet
gethostbyname
recvfrom
ntohs
sendto
connect
inet_ntoa
inet_addr
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
recv
accept
setsockopt
socket
htonl
htons
bind
listen
WSACreateEvent
closesocket

advapi32

ControlService
OpenServiceA
StartServiceA
QueryServiceStatus
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2A
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
DeleteService

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysStringLen
SysAllocString
SysFreeString

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
LoadLibraryA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
InterlockedExchange
IsBadReadPtr
GetVersionExA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
GetModuleHandleA
GetProcAddress
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapAlloc
GetStartupInfoA
GetStdHandle
SetHandleCount
SetEndOfFile
SetStdHandle
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
CreateEventA
CloseHandle
SetEvent
GetTickCount
WaitForSingleObject
GetDiskFreeSpaceExA
GetSystemDirectoryA
GetTempPathA
GetSystemTime
InterlockedIncrement
Sleep
InterlockedDecrement
CopyFileA
GetModuleFileNameA
QueryPerformanceCounter
LocalFree
LocalAlloc
GetLocalTime
WideCharToMultiByte
FindClose
FindNextFileA
FindFirstFileA
CreateProcessA
RtlUnwind
GetFileType
GetLastError
CreateFileA
CreateDirectoryA
MoveFileA
DeleteFileA
FlushFileBuffers
WriteFile
SetFilePointer
ReadFile
GetTimeZoneInformation
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetSystemTimeAsFileTime
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
HeapFree
GetCurrentThreadId
TlsAlloc
SetLastError

Sections

.text
Size: 308KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4e33de3a1278d394facc501cb3329ae7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

shell32

comdlg32

ws2_32

advapi32

ole32

oleaut32

atl

Sections

.text Size: 256KB - Virtual size: 252KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 24KB - Virtual size: 32KB

.rsrc Size: 36KB - Virtual size: 32KB

d63b9079665814b2265fabafa6fb4719

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

winmm

ws2_32

olepro32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 178KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 20KB - Virtual size: 26KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 16KB - Virtual size: 13KB

6c72716c679cc5848e7f557abb3bf7c4

Headers

File Characteristics

Imports

ws2_32

advapi32

ole32

oleaut32

version

kernel32

Sections

.text Size: 308KB - Virtual size: 306KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 24KB - Virtual size: 49KB

4e33de3a1278d394facc501cb3329ae7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

shell32

comdlg32

ws2_32

advapi32

ole32

oleaut32

atl

Sections

.text Size: 252KB - Virtual size: 251KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 24KB - Virtual size: 32KB

.text
Size: 256KB - Virtual size: 252KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 24KB - Virtual size: 32KB

.rsrc
Size: 36KB - Virtual size: 32KB

.text
Size: 180KB - Virtual size: 178KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 20KB - Virtual size: 26KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 16KB - Virtual size: 13KB

.text
Size: 308KB - Virtual size: 306KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 24KB - Virtual size: 49KB

.text
Size: 252KB - Virtual size: 251KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 24KB - Virtual size: 32KB

.rsrc
Size: 36KB - Virtual size: 32KB

.text
Size: 308KB - Virtual size: 306KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 24KB - Virtual size: 49KB