735b9adf451a58ad809df0fe89d71f6e0b1adc7e13e978dfd2f1617a04e82ce6

Sharing

Copy URL Twitter E-mail

General

Target

735b9adf451a58ad809df0fe89d71f6e0b1adc7e13e978dfd2f1617a04e82ce6
Size

839KB
MD5

c121143d41e5035ef775a863903f2565
SHA1

f91e4a154cbb02d9a93a85ed06615211cd6a9eec
SHA256

735b9adf451a58ad809df0fe89d71f6e0b1adc7e13e978dfd2f1617a04e82ce6
SHA512

022423b13da10802513e0fcaed9c136d03d97f8750cebad40e1d0ee071a78c605573c3a80a1b1a0f00ba902212f9ae1e21a7f21510f3241ebf9603e7ca34eaab
SSDEEP

12288:ytu//ub8NSICsyJoUa5SDCw0iU/g7MiuncLTsodk2df+PLMOoAW:ytc/rYITyEBw0iWg7MiunOHdB8z9W

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
735b9adf451a58ad809df0fe89d71f6e0b1adc7e13e978dfd2f1617a04e82ce6
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/NScurl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsJSON.dll
unpack001/$PLUGINSDIR/nsisFirewallW.dll
unpack001/Uninstall.exe
unpack002/$PLUGINSDIR/nsisFirewallW.dll

Files

735b9adf451a58ad809df0fe89d71f6e0b1adc7e13e978dfd2f1617a04e82ce6
.exe windows:4 windows x86 arch:x86

730491907e677638ab304e28646ba09c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetFileSecurityW

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectW
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileW
CreateDirectoryW
CreateFileW
CreateProcessW
CreateThread
DeleteFileW
ExitProcess
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetDiskFreeSpaceW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetShortPathNameW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTickCount
GetVersion
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryExW
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryW
SearchPathW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcatW
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpynW
lstrlenA
lstrlenW

ole32

CoCreateInstance
CoTaskMemFree
IIDFromString
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderW
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW

user32

AppendMenuW
BeginPaint
CallWindowProcW
CharNextA
CharNextW
CharPrevW
CheckDlgButton
CloseClipboard
CreateDialogParamW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExW
GetClassInfoW
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextW
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongW
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadCursorW
LoadImageW
MessageBoxIndirectW
OpenClipboard
PeekMessageW
PostQuitMessage
RegisterClassW
ReleaseDC
ScreenToClient
SendMessageTimeoutW
SendMessageW
SetClassLongW
SetClipboardData
SetCursor
SetDlgItemTextW
SetForegroundWindow
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackPopupMenu
wsprintfA
wsprintfW

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 170KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 512B - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

62734a8f9e9c1184cf5a30c332ae53cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
InitializeCriticalSection
LeaveCriticalSection
MultiByteToWideChar
OpenProcess
Process32FirstW
Process32NextW
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcpyW
lstrcpynW

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
_wcsicmp
abort
calloc
free
fwrite
malloc
strlen
strncmp
vfprintf

user32

wsprintfW

Exports

Exports

KillProc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 75B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NScurl.dll
.dll windows:4 windows x86 arch:x86

41884573226320c2c50707d03ca9e501

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGenRandom
CryptGetHashParam
CryptHashData
CryptReleaseContext

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileW
CreateMutexA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileW
FindResourceExW
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetFileSize
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
MoveFileExA
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReleaseMutex
ResetEvent
SetEvent
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepEx
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrcmpiW
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW

msvcrt

_access
_amsg_exit
_beginthread
_beginthreadex
_errno
_initterm
_iob
_lock
_snprintf
_snwprintf
_stati64
_strdup
_sys_nerr
_read
_unlink
_unlock
_vscprintf
_vsnprintf
_write
abort
calloc
fclose
feof
ferror
fflush
fgets
fopen
fputc
fread
free
gmtime
fseek
ftell
fwrite
islower
isspace
isupper
memchr
isxdigit
malloc
memcmp
memcpy
memmove
memset
printf
putchar
puts
qsort
rand
realloc
sprintf
sscanf
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
time
tolower
vfprintf
wcscat

user32

CallWindowProcW
CopyRect
CreateDialogParamW
CreateWindowExW
DestroyIcon
DestroyWindow
DispatchMessageW
EnableMenuItem
EnableWindow
FindWindowExW
GetDesktopWindow
GetDlgItem
GetPropW
GetSystemMenu
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
IsDialogMessageW
IsWindow
IsWindowEnabled
IsWindowVisible
LoadImageW
MsgWaitForMultipleObjects
OffsetRect
PeekMessageW
RemovePropW
ScreenToClient
SendDlgItemMessageW
SendMessageW
SetForegroundWindow
SetPropW
SetWindowLongW
SetWindowPos
SetWindowTextW
TranslateMessage
wsprintfW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
gethostname
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
setsockopt
shutdown
socket

Exports

Exports

cancel
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_version
curl_version_info
echo
enumerate
escape
http
md5
query
sha1
sha256
unescape
wait

Sections

.text
Size: 736KB - Virtual size: 735KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

d97200bf79843dac1c997cdc037e76af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleW
GetProcAddress
GlobalAlloc
GlobalFree
GlobalSize
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
Sleep
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcpyW
lstrcpynW
lstrlenW

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfW

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 152B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 179B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

c442f1649aa0670a32c622fadfcd00bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

gdi32

SetTextColor

kernel32

GetCurrentDirectoryW
GetFileAttributesW
GetProcessHeap
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
MulDiv
MultiByteToWideChar
SetCurrentDirectoryW
WideCharToMultiByte
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW

ole32

CoTaskMemFree

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

user32

CallWindowProcW
CharNextW
CharPrevW
CreateDialogParamW
CreateWindowExW
DestroyWindow
DispatchMessageW
DrawFocusRect
DrawTextW
GetClientRect
GetDlgItem
GetMessageW
GetPropW
GetSysColor
GetWindowLongW
GetWindowRect
GetWindowTextW
IsDialogMessageW
IsWindow
KillTimer
LoadCursorW
MapDialogRect
MapWindowPoints
RemovePropW
SendMessageW
SetCursor
SetPropW
SetTimer
SetWindowLongW
SetWindowPos
ShowWindow
TranslateMessage
wsprintfW

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 363B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsJSON.dll
.dll windows:6 windows x86 arch:x86

674631b5b86309caa1d0df66c91a50f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetSetOptionW
InternetQueryDataAvailable
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCrackUrlW

kernel32

lstrcpyW
GetModuleHandleA
CreateProcessW
CreateThread
GetExitCodeProcess
WaitForSingleObject
CreatePipe
SetHandleInformation
lstrcpynW
lstrcatW
FormatMessageW
CreateFileW
GetFileSize
ReadFile
WriteFile
CloseHandle
GetLastError
SetLastError
GlobalAlloc
GlobalReAlloc
GlobalFree
lstrcmpW
lstrcmpiW
WideCharToMultiByte
lstrlenA
lstrlenW
MultiByteToWideChar
LocalFree

user32

wsprintfW
IsCharAlphaNumericW
TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
MsgWaitForMultipleObjectsEx

Exports

Exports

Delete
Get
Quote
Serialize
Set
Sort
Wait

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisFirewallW.dll
.dll windows:4 windows x86 arch:x86

18ecfc7436b69f8c13ec22664f9f1857

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
InterlockedDecrement
LocalFree

user32

wsprintfW

ole32

OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

GetErrorInfo
SysFreeString
SysAllocString

msvcrt

free
_adjust_fdiv
malloc
_initterm
_CxxThrowException
??2@YAPAXI@Z
??3@YAXPAX@Z
??1type_info@@UAE@XZ
__CxxFrameHandler

Exports

Exports

AddAuthorizedApplication
RemoveAuthorizedApplication

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

730491907e677638ab304e28646ba09c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetFileSecurityW

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectW
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileW
CreateDirectoryW
CreateFileW
CreateProcessW
CreateThread
DeleteFileW
ExitProcess
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetDiskFreeSpaceW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetShortPathNameW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTickCount
GetVersion
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryExW
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryW
SearchPathW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcatW
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpynW
lstrlenA
lstrlenW

ole32

CoCreateInstance
CoTaskMemFree
IIDFromString
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderW
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW

user32

AppendMenuW
BeginPaint
CallWindowProcW
CharNextA
CharNextW
CharPrevW
CheckDlgButton
CloseClipboard
CreateDialogParamW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExW
GetClassInfoW
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextW
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongW
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadCursorW
LoadImageW
MessageBoxIndirectW
OpenClipboard
PeekMessageW
PostQuitMessage
RegisterClassW
ReleaseDC
ScreenToClient
SendMessageTimeoutW
SendMessageW
SetClassLongW
SetClipboardData
SetCursor
SetDlgItemTextW
SetForegroundWindow
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackPopupMenu
wsprintfA
wsprintfW

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 170KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 512B - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/nsisFirewallW.dll
.dll windows:4 windows x86 arch:x86

18ecfc7436b69f8c13ec22664f9f1857

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
InterlockedDecrement
LocalFree

user32

wsprintfW

ole32

OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

GetErrorInfo
SysFreeString
SysAllocString

msvcrt

free
_adjust_fdiv
malloc
_initterm
_CxxThrowException
??2@YAPAXI@Z
??3@YAXPAX@Z
??1type_info@@UAE@XZ
__CxxFrameHandler

Exports

Exports

AddAuthorizedApplication
RemoveAuthorizedApplication

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config.db
torrserver.db

Sharing

General

Malware Config

Signatures

Files

730491907e677638ab304e28646ba09c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

Sections

.text Size: 36KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 232B

.rdata Size: 30KB - Virtual size: 30KB

.bss Size: - Virtual size: 170KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 512B - Virtual size: 176KB

.rsrc Size: 55KB - Virtual size: 55KB

62734a8f9e9c1184cf5a30c332ae53cb

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 28B

.rdata Size: 1024B - Virtual size: 792B

.bss Size: - Virtual size: 1KB

.edata Size: 512B - Virtual size: 75B

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 1024B - Virtual size: 628B

41884573226320c2c50707d03ca9e501

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

version

ws2_32

Exports

Exports

Sections

.text Size: 736KB - Virtual size: 735KB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 180KB - Virtual size: 180KB

.eh_fram Size: 84KB - Virtual size: 83KB

.bss Size: - Virtual size: 11KB

.edata Size: 2KB - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 221KB - Virtual size: 221KB

.reloc Size: 22KB - Virtual size: 22KB

d97200bf79843dac1c997cdc037e76af

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ole32

user32

Exports

Exports

.text
Size: 36KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 232B

.rdata
Size: 30KB - Virtual size: 30KB

.bss
Size: - Virtual size: 170KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 512B - Virtual size: 176KB

.rsrc
Size: 55KB - Virtual size: 55KB

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 28B

.rdata
Size: 1024B - Virtual size: 792B

.bss
Size: - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 75B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 1024B - Virtual size: 628B

.text
Size: 736KB - Virtual size: 735KB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 180KB - Virtual size: 180KB

.eh_fram
Size: 84KB - Virtual size: 83KB

.bss
Size: - Virtual size: 11KB

.edata
Size: 2KB - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 221KB - Virtual size: 221KB

.reloc
Size: 22KB - Virtual size: 22KB

.text
Size: 17KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 44B

.rdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 152B

.edata
Size: 512B - Virtual size: 179B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 512B - Virtual size: 468B

.bss
Size: - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 363B

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 144B

.reloc
Size: 1024B - Virtual size: 516B

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 64B

.rsrc
Size: 1024B - Virtual size: 784B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 324B

.reloc
Size: 1024B - Virtual size: 546B