69d949f4df848875c334f6a6d5d59437066ebe1c3a175b01ceb83709fa690b56

Sharing

Copy URL Twitter E-mail

General

Target

69d949f4df848875c334f6a6d5d59437066ebe1c3a175b01ceb83709fa690b56
Size

3.2MB
MD5

d9dc75fb0b3ffff158c0604b89b957dc
SHA1

1d9521588b4c635e1d7d93b18404d486c7f0b853
SHA256

69d949f4df848875c334f6a6d5d59437066ebe1c3a175b01ceb83709fa690b56
SHA512

78196d64838c85c1c827c34218b897cbbfffdeab7f77486438a2a63499ad067d31e9d47e06df74889026e93746a9c91f1dec6da470216bac6d7c4c4c7b743adf
SSDEEP

98304:xGyMCzmAtyTv8aBZAzeScCKmPELZXza3nb6:xGyMCzioaTEeSmmQXza3nb6

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
69d949f4df848875c334f6a6d5d59437066ebe1c3a175b01ceb83709fa690b56
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/insthelper.dll

Files

69d949f4df848875c334f6a6d5d59437066ebe1c3a175b01ceb83709fa690b56
.exe windows:4 windows x86 arch:x86

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/insthelper.dll
.dll windows:5 windows x86 arch:x86

5586b694e0a3109f9bd9f3a899e9353d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins\lightregulate\lightregulate\setup\InstallScript\Res\insthelper.pdb

Imports

kernel32

GetThreadTimes
lstrlenA
FormatMessageW
FileTimeToLocalFileTime
GetFileTime
LockResource
GetLocalTime
GetDiskFreeSpaceW
GetFileSizeEx
GetVolumeInformationW
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
SetErrorMode
DeviceIoControl
IsDBCSLeadByte
SetEnvironmentVariableA
GetFullPathNameA
WriteConsoleW
SetStdHandle
ReadConsoleW
HeapQueryInformation
SetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetTimeZoneInformation
SetConsoleCtrlHandler
GetStdHandle
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateSemaphoreW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
FatalAppExitA
GetDriveTypeW
GetFileAttributesExW
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
ExitThread
GetSystemTime
GetFullPathNameW
IsDebuggerPresent
GetCommandLineA
AreFileApisANSI
ExitProcess
EncodePointer
GetSystemTimeAsFileTime
GetStringTypeW
QueryDosDeviceW
LoadLibraryA
MapViewOfFile
SetFileTime
CreateFileA
FileTimeToSystemTime
GetFileAttributesW
GetTimeFormatW
GetFileAttributesA
SizeofResource
GetPrivateProfileStringW
CreateDirectoryW
LoadResource
FindResourceW
FindResourceExW
SetEndOfFile
FreeResource
GetFileSize
GetTempFileNameW
GetDateFormatW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
GetSystemInfo
GetComputerNameW
FreeLibrary
SetFileAttributesW
GetWindowsDirectoryW
DeleteCriticalSection
DecodePointer
RemoveDirectoryW
HeapSize
GetCurrentDirectoryW
RaiseException
GlobalUnlock
CreateFileW
HeapDestroy
CopyFileW
InitializeCriticalSectionAndSpinCount
WriteFile
GetProcessHeap
GlobalLock
HeapFree
MoveFileExW
HeapAlloc
HeapReAlloc
DeleteFileW
FindNextFileW
FindClose
GetTempPathW
lstrlenW
GetSystemDirectoryW
GetTickCount
FindFirstFileW
GetVersionExW
GetDiskFreeSpaceExW
ExpandEnvironmentStringsW
GlobalMemoryStatusEx
GetThreadPriority
CreatePipe
SetProcessWorkingSetSize
OpenThread
SetThreadPriorityBoost
GetStartupInfoW
SetThreadPriority
Thread32Next
GetExitCodeProcess
ReadProcessMemory
Thread32First
GetPriorityClass
SetProcessPriorityBoost
GetCurrentThread
GetProcessPriorityBoost
SetPriorityClass
GetThreadIOPendingFlag
IsWow64Process
SystemTimeToFileTime
VerifyVersionInfoW
VerSetConditionMask
MoveFileW
LocalFree
InterlockedIncrement
InterlockedDecrement
SetFilePointer
QueryPerformanceFrequency
QueryPerformanceCounter
ResetEvent
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
GetPrivateProfileIntW
GetModuleHandleExW
IsProcessorFeaturePresent
LocalAlloc
LocalLock
LocalUnlock
LoadLibraryExW
CreateFileMappingW
GlobalReAlloc
MulDiv
OutputDebugStringA
GetCurrentThreadId
OpenEventW
OpenFileMappingW
GetModuleFileNameA
EnterCriticalSection
SetLastError
LeaveCriticalSection
InitializeCriticalSection
OutputDebugStringW
SetEvent
VirtualQuery
UnmapViewOfFile
CreateThread
GetModuleHandleW
GetProcAddress
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
lstrcpynW
lstrcmpiW
GetCurrentProcessId
GetCurrentProcess
OpenProcess
GlobalAlloc
CreateProcessW
CloseHandle
GetLastError
TerminateProcess
Sleep
InterlockedCompareExchange
InterlockedExchange
lstrcpyW
SetFilePointerEx
GlobalFree

user32

MapWindowPoints
DestroyMenu
GetClassInfoExW
SendMessageW
CreateWindowExW
DefWindowProcW
RegisterClassExW
DrawTextW
GetMenuItemInfoW
MessageBoxA
DrawIconEx
GetMenuState
GetSystemMenu
GetWindowTextW
SetWindowLongW
RedrawWindow
GetActiveWindow
SetWindowRgn
IsZoomed
SystemParametersInfoW
GetAncestor
EnableWindow
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
GetSysColor
InflateRect
FillRect
GetWindowThreadProcessId
MonitorFromPoint
GetMonitorInfoW
GetMenuItemCount
SetMenuItemInfoW
IsMenu
GetCaretPos
GetClassNameW
GetFocus
TrackMouseEvent
WindowFromPoint
ClientToScreen
GetClassInfoW
SetMenuInfo
GetMenuInfo
DeleteMenu
DrawFocusRect
DestroyIcon
PrivateExtractIconsW
LoadStringW
SetRectEmpty
GetParent
IsWindow
MoveWindow
GetWindowRect
LoadCursorW
PostMessageW
ShowWindow
CreateDesktopW
OpenDesktopW
CharUpperBuffW
EnumWindows
GetIconInfo
GetForegroundWindow
EnumChildWindows
GetShellWindow
SetThreadDesktop
CloseDesktop
SendMessageTimeoutW
GetDlgItem
FindWindowW
FindWindowExW
SetDlgItemTextW
CallWindowProcW
DestroyWindow
SetWindowPos
SetWindowTextW
PostQuitMessage
GetDlgItemTextW
GetSystemMetrics
UpdateWindow
SetRect
GetDesktopWindow
LoadImageW
ExitWindowsEx
SetClipboardData
OpenClipboard
EmptyClipboard
UnregisterClassW
CloseClipboard
DispatchMessageW
TranslateMessage
GetMessageW
FindWindowA
PtInRect
OffsetRect
IntersectRect
GetDC
ReleaseDC
SetCapture
ReleaseCapture
GetCapture
GetKeyState
SetTimer
KillTimer
GetWindowLongW
RegisterWindowMessageW
GetClientRect
UnionRect
InvalidateRect
IsRectEmpty
BeginPaint
EndPaint
UpdateLayeredWindow
IsWindowVisible
CreateCaret
ShowCaret
HideCaret
SetCaretPos
SetCursor
SetFocus
ScreenToClient
GetCursorPos
EqualRect
GetUserObjectInformationW
IsHungAppWindow
GetThreadDesktop
PeekMessageW
GetSubMenu
GetWindow

gdi32

GetCurrentObject
GetTextExtentExPointW
TextOutW
PatBlt
LPtoDP
CreateBitmap
SelectClipRgn
SetRectRgn
CreateRectRgnIndirect
DPtoLP
Polyline
RectVisible
ExtCreatePen
GetBkMode
CreatePenIndirect
SaveDC
SetStretchBltMode
GetStretchBltMode
GetTextColor
RestoreDC
CreatePatternBrush
CreateSolidBrush
GetDIBits
RealizePalette
SelectPalette
CreateDCW
GetTextExtentPoint32W
GetObjectA
CombineRgn
ExtCreateRegion
StretchBlt
SetTextColor
SetViewportOrgEx
Rectangle
LineTo
MoveToEx
ExtTextOutW
SetBkColor
GetTextMetricsW
GetObjectW
CreateFontIndirectW
CreateRectRgn
ExcludeClipRect
BitBlt
CreateCompatibleBitmap
GetClipBox
RoundRect
CreatePen
SetBkMode
GetStockObject
SelectObject
CreateDIBSection
DeleteDC
CreateCompatibleDC
DeleteObject
GetDeviceCaps
CreateDCA

advapi32

RegOpenKeyExA
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
GetUserNameW
RegQueryValueExW
GetLengthSid
FreeSid
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
SetFileSecurityW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExA
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetAce
GetSidLengthRequired
InitializeSid
AddAce
GetFileSecurityW
DuplicateToken
MapGenericMask
AccessCheck
GetSecurityDescriptorDacl
GetAclInformation
LookupAccountSidW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptEncrypt
RegGetKeySecurity
RegSetKeySecurity
ConvertStringSidToSidW
RegEnumKeyW
RegOpenKeyW
RegQueryInfoKeyW
CloseServiceHandle
DeleteService
OpenSCManagerW
EnumDependentServicesW
OpenServiceW
QueryServiceConfig2W
ChangeServiceConfig2W
StartServiceW
ChangeServiceConfigW
QueryServiceStatusEx
ControlService
QueryServiceConfigW
CryptAcquireContextA
CryptGenRandom
RegEnumKeyExW
CreateServiceW
QueryServiceStatus
GetTokenInformation
ConvertSidToStringSidW
CryptGetHashParam
CryptImportKey
CryptSetKeyParam

shell32

SHChangeNotify
ord51
SHGetDesktopFolder
SHGetFileInfoW
ExtractIconExW
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteExW
SHCreateDirectoryExW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetFolderPathW
ord165
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoInitialize
IIDFromString
StringFromIID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid

oleaut32

VariantInit
VarBstrCmp
SysStringByteLen
VariantClear
SysAllocString
SysAllocStringLen
CreateErrorInfo
SysStringLen
SysAllocStringByteLen
SafeArrayGetLBound
SysFreeString
OleCreatePictureIndirect
VariantTimeToSystemTime
SafeArrayGetElement
SafeArrayGetUBound
GetErrorInfo
VariantChangeType
SetErrorInfo

shlwapi

PathAppendW
PathFileExistsW
UrlIsW
StrRChrIW
PathIsDirectoryW
PathAddBackslashW
PathStripToRootW
SHDeleteKeyW
wnsprintfW
StrTrimW
StrCmpNIA
StrStrIA
StrChrA
PathRemoveBackslashW
PathStripPathW
StrStrW
PathFindFileNameW
PathRemoveFileSpecW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

msimg32

AlphaBlend

dwmapi

DwmGetColorizationColor

imm32

ImmGetDefaultIMEWnd
ImmAssociateContext
ImmGetContext
ImmReleaseContext

gdiplus

GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawString
GdipFillPath
GdipFillPieI
GdipDrawPath
GdipDrawArcI
GdipDrawLineI
GdipSetInterpolationMode
GdipAddPathString
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetStringFormatLineAlign
GdipSetPenWidth
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCloneBitmapAreaI
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipLoadImageFromFileICM
GdipCloneImage
GdipDrawImageRectRectI
GdipDrawImagePointsI
GdipLoadImageFromStream
GdipGraphicsClear
GdipLoadImageFromFile
GdipGetImageGraphicsContext
GdipDisposeImage
GdipRotateMatrix
GdipScaleMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdiplusShutdown
GdiplusStartup
GdipImageSelectActiveFrame
GdipGetImageHeight
GdipGetImageWidth
GdipFillRectangleI
GdipDrawRectangleI
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipMeasureString
GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc
GdipGetImagePixelFormat
GdipGetImageThumbnail
GdipCreateBitmapFromHBITMAP
GdipBitmapGetPixel
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI
GdipGetImageRawFormat
GdipSetPenDashArray
GdipSetWorldTransform

ntdll

RtlInitUnicodeString
NtUnlockVirtualMemory
NtDuplicateObject
NtSuspendProcess
NtSetSystemInformation
NtTerminateProcess
NtQuerySystemInformation
NtQueryInformationProcess
RtlNtStatusToDosError
NtClose
NtResumeProcess
NtSetInformationProcess
NtLockVirtualMemory
RtlUnwind
RtlNtPathNameToDosPathName
NtOpenProcess
NtCreatePagingFile

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

mpr

WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW

ws2_32

ioctlsocket
send
select
__WSAFDIsSet
getpeername
WSAIoctl
connect
htonl
freeaddrinfo
WSAEventSelect
getsockopt
WSAStartup
ntohs
getsockname
setsockopt
WSACleanup
htons
getaddrinfo
ntohl
WSAGetLastError
WSASetLastError
socket
bind
recv
closesocket

dbghelp

MiniDumpWriteDump

netapi32

NetApiBufferFree
NetWkstaTransportEnum
Netbios

wininet

GetUrlCacheEntryInfoExW

Exports

Exports

AbortInstall
CreateInstallWnd
DirLeave
DoUnAdData
ExitWork
GeProtectStartState
GetAppdataLocalLow
GetAutoStartState
GetCheckBoxStatus
GetInstallSvrState
GetTNFromPackageName
GetXFromPackageName
HideWindow
InitInstallHelper
InitUnInstallHelper
KillProcess
NewNsisWndProc
NotifyHostSetupStatus
NotifyInstallStatus
RegisterExt
ReportSilentInstall
UnRegisterExt
UninitInstallHelper
UninstallWebAdapter
WriteMustRebootTag

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 427KB - Virtual size: 427KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/res/skin/ask_icon.png
.png
$PLUGINSDIR/res/skin/btn_blue_90_30.png
.png
$PLUGINSDIR/res/skin/btn_close.png
.png
$PLUGINSDIR/res/skin/btn_push.png
.png
$PLUGINSDIR/res/skin/btn_white_90_30.png
.png
$PLUGINSDIR/res/skin/checkbox.png
.png
$PLUGINSDIR/res/skin/checkout.png
.png
$PLUGINSDIR/res/skin/done.png
.png
$PLUGINSDIR/res/skin/dot_down.png
.png
$PLUGINSDIR/res/skin/dot_up.png
.png
$PLUGINSDIR/res/skin/error.png
.png
$PLUGINSDIR/res/skin/gb.png
.png
$PLUGINSDIR/res/skin/ic_info_46.png
.png
$PLUGINSDIR/res/skin/slogen.png
.png
$PLUGINSDIR/res/skin/title_icon_image.png
.png
$PLUGINSDIR/res/skin/triangle.png
.png

Sharing

General

Malware Config

Signatures

Files

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 170KB

.ndata Size: - Virtual size: 120KB

.rsrc Size: 188KB - Virtual size: 187KB

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

5586b694e0a3109f9bd9f3a899e9353d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

msimg32

dwmapi

imm32

gdiplus

ntdll

psapi

mpr

ws2_32

dbghelp

netapi32

wininet

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 427KB - Virtual size: 427KB

.data Size: 57KB - Virtual size: 85KB

.rsrc Size: 318KB - Virtual size: 317KB

.reloc Size: 114KB - Virtual size: 114KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 170KB

.ndata
Size: - Virtual size: 120KB

.rsrc
Size: 188KB - Virtual size: 187KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 427KB - Virtual size: 427KB

.data
Size: 57KB - Virtual size: 85KB

.rsrc
Size: 318KB - Virtual size: 317KB

.reloc
Size: 114KB - Virtual size: 114KB