PlaceCard_v2[.]2[.]23[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

PlaceCard_v2.2.23.exe
Size

3.2MB
MD5

271239772adf94854cafcaf3ab502679
SHA1

54c1161ac32cc7d023517abf56223265b707244e
SHA256

ed4444e2e0d4232f93f84362cb2d84ccf997d5af9297259937a36f1565872a4a
SHA512

bcd5388df62d360350a1fb5aad4c9d1adb5443564bad24186c67c7bc767db41a969b65ba6e2161310f564e23008da957465d8c1bb4a63594ccd6f0aa1f7efc5f
SSDEEP

98304:2euMiMH8QMSHHWLPWrp/NFyKpDNv0yGuVMMj:2O8HSnsy/JHv0yP+Mj

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
PlaceCard_v2.2.23.exe
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/PlaceCard.exe

Files

PlaceCard_v2.2.23.exe
.exe windows:4 windows x86 arch:x86

9dda1a1d1f8a1d13ae0297b47046b26e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
WriteFile
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
CopyFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 248KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

fe3375e7e4529b73ba45ab2246b9269b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
SendDlgItemMessageW
EndDialog
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 681B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

3b477381217c97b22146297f93df2a92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
GetFileAttributesW
lstrcmpiW
MulDiv
lstrlenW
HeapFree
GetProcessHeap
GetCurrentDirectoryW
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
HeapAlloc
SetCurrentDirectoryW

user32

GetPropW
DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
RemovePropW
CharPrevW
GetWindowLongW
DrawTextW
GetWindowTextW
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
MapDialogRect
GetClientRect
CharNextW
SendMessageW
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:5 windows x86 arch:x86

439074d1c01f7b16781bdf060930814a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
OpenProcess
MultiByteToWideChar
lstrlenA
lstrlenW
LoadLibraryA
lstrcmpiW
lstrcpynW
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetVersionExW
GlobalFree
GlobalAlloc

user32

GetWindowThreadProcessId
EnumWindows
wsprintfW
PostMessageW

Exports

Exports

_CloseProcess
_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 927B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PlaceCard.exe
.exe windows:5 windows x64 arch:x64

c0308ed9a75150fbdea0467dbb62180f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\Develop\IL_PlaceCard\x64\Release\PlaceCard.pdb

Imports

kernel32

FlushFileBuffers
MoveFileW
DeleteFileW
GetFileAttributesW
GetFullPathNameW
GetVolumeInformationW
FindClose
SearchPathW
GetFileTime
GetWindowsDirectoryW
CreateDirectoryW
CreateThread
ResumeThread
WaitForSingleObject
OpenProcess
MulDiv
GetCurrentThreadId
LoadLibraryW
CreateMutexW
WaitForSingleObjectEx
ReleaseMutex
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetCommState
SetCommState
SetCommMask
WaitCommEvent
SetupComm
SetCommTimeouts
ClearCommError
GetOverlappedResult
PurgeComm
EscapeCommFunction
LockFile
WriteFile
WriteConsoleW
GetConsoleCP
GetConsoleMode
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
ReadFile
FindFirstFileExW
HeapSize
HeapReAlloc
SetStdHandle
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
GetStdHandle
GetModuleHandleExW
ExitProcess
GetFileType
GetACP
RtlPcToFileHeader
RtlUnwindEx
ExpandEnvironmentStringsA
LoadLibraryA
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
EncodePointer
SetFilePointerEx
GetFileSizeEx
SetFilePointer
CreateFileW
SetEndOfFile
GetLocalTime
GetThreadLocale
GetModuleHandleW
SetThreadLocale
SetThreadUILanguage
GetLocaleInfoW
CreateProcessW
GetCurrentProcess
VerifyVersionInfoW
VerSetConditionMask
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExW
FreeLibrary
FormatMessageW
LocalFree
GetProcAddress
UnlockFile
FileTimeToSystemTime
SizeofResource
LockResource
LoadResource
FindResourceW
SetLastError
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForMultipleObjects
GetTickCount
ResetEvent
LeaveCriticalSection
EnterCriticalSection
CreateEventW
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
SetEvent
Sleep
FindNextFileW
FindFirstFileW
GetSystemDefaultLCID
GetModuleFileNameW
ExpandEnvironmentStringsW
GetCommandLineA
GetLastError
RtlUnwind

user32

IsWindow
SetActiveWindow
GetActiveWindow
EndDialog
PostQuitMessage
GetDesktopWindow
CreateDialogParamW
CallWindowProcW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetWindowLongPtrW
SetWindowLongPtrW
GetTopWindow
GetLastActivePopup
DefWindowProcW
RegisterClassExW
CreateWindowExW
GetWindowTextLengthW
GetGUIThreadInfo
DestroyMenu
MapWindowPoints
IsWindowEnabled
PeekMessageW
GetScrollInfo
SetCapture
UpdateWindow
SetCursor
PtInRect
ReleaseCapture
MessageBoxW
GetCursorInfo
MonitorFromWindow
GetMonitorInfoW
GetCapture
WindowFromPoint
GetDoubleClickTime
LoadCursorW
UnregisterClassW
SetMenuItemInfoW
GetMenuItemInfoW
GetSystemMetrics
ValidateRect
GetMessageW
TranslateMessage
RedrawWindow
UnionRect
SetWindowPlacement
IsZoomed
FindWindowW
RegisterWindowMessageW
InflateRect
GetComboBoxInfo
SetWindowTextW
SendMessageW
GetWindowRgn
ClientToScreen
ScreenToClient
InvalidateRect
GetParent
SetDlgItemInt
GetDlgItemInt
CheckDlgButton
GetKeyboardState
GetWindowPlacement
GetClassNameW
GetForegroundWindow
GetMenuItemCount
CreateAcceleratorTableW
RegisterHotKey
DestroyAcceleratorTable
UnregisterHotKey
GetKeyNameTextW
DrawTextW
GetMenuItemID
UnregisterDeviceNotification
RegisterDeviceNotificationW
AppendMenuW
DispatchMessageW
IsIconic
GetFocus
TranslateAcceleratorW
CheckMenuRadioItem
DestroyCursor
GetAncestor
IsDlgButtonChecked
GetSysColorBrush
ShowWindow
CheckRadioButton
GetSystemMenu
GetClientRect
BeginDeferWindowPos
SetRect
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetWindow
VkKeyScanExW
LoadKeyboardLayoutW
GetKeyboardLayout
GetWindowThreadProcessId
BlockInput
MapVirtualKeyExW
SendInput
SetWindowLongW
GetSubMenu
EnableMenuItem
OffsetRect
TrackPopupMenuEx
GetCursorPos
TrackPopupMenu
GetWindowRect
DestroyWindow
GetDlgCtrlID
SetFocus
GetDlgItemTextW
SetDlgItemTextW
DeleteMenu
IsDialogMessageW
GetSysColor
EnableWindow
SetWindowPos
SetForegroundWindow
GetWindowTextW
CheckMenuItem
SetMenuDefaultItem
GetKeyState
PostMessageW
SendDlgItemMessageW
SetClipboardData
EmptyClipboard
OpenClipboard
CloseClipboard
InsertMenuItemW
GetWindowDC
ReleaseDC
DestroyIcon
SystemParametersInfoW
SetTimer
KillTimer
IsWindowVisible
LoadStringW
LoadImageW
LoadIconW
LoadBitmapW
LoadMenuW
OemToCharA
CharToOemA
CharToOemBuffA
MapVirtualKeyW
MonitorFromRect
SetScrollInfo
GetScrollRange
ScrollWindow
SetScrollPos
GetWindowLongW
GetScrollPos
MessageBeep
GetDC
GetIconInfo
CharUpperW

gdi32

FrameRgn
ExtCreatePen
CreateHatchBrush
CreateRectRgn
GetDeviceCaps
ExtTextOutW
SetBkColor
DeleteDC
LineTo
MoveToEx
Rectangle
CreatePen
GetCurrentObject
GetTextExtentPoint32W
GetStockObject
GetDIBits
SetTextColor
SetBkMode
SelectObject
DeleteObject
CreateFontIndirectW
GetObjectW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExA
RegOpenKeyExA
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken

shell32

SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
SHParseDisplayName
SHOpenFolderAndSelectItems
SHGetFileInfoW
SHFileOperationW
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW

ole32

CoInitializeEx
StgCreateDocfile
PropVariantClear
CoCreateInstance
CoTaskMemFree
CLSIDFromProgID
CoUninitialize
CoInitialize
CoGetMalloc

oleaut32

VariantClear
SysAllocString
VariantInit
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreate
SysStringLen
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayPutElement

shlwapi

ColorRGBToHLS
ColorHLSToRGB
PathIsUNCW
PathStripToRootW
SHStrDupW

winscard

SCardFreeMemory
SCardListReadersW
SCardTransmit
SCardDisconnect
g_rgSCardT1Pci
g_rgSCardT0Pci
SCardGetStatusChangeW
SCardEstablishContext
SCardReleaseContext
SCardCancel
SCardConnectW

comctl32

ImageList_Draw
ImageList_Destroy
ImageList_LoadImageW
InitCommonControlsEx
ImageList_DrawEx
ImageList_AddMasked

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

HttpQueryInfoW
InternetCrackUrlW
InternetOpenW
InternetConnectW
InternetCloseHandle
HttpOpenRequestW
HttpSendRequestW

ws2_32

WSAStartup
WSACleanup
WSAAddressToStringW
getpeername
WSASetLastError
closesocket
WSAEnumNetworkEvents
WSAAccept
WSAEventSelect
listen
bind
htons
htonl
WSAGetLastError
socket
gethostname
getaddrinfo
freeaddrinfo
WSASocketW
setsockopt
WSASendTo
WSAIoctl
WSARecvFrom
GetAddrInfoW
WSAConnect
shutdown
WSARecv
WSASend

winmm

mciSendStringW
PlaySoundW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 479KB - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9dda1a1d1f8a1d13ae0297b47046b26e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 126KB

.ndata Size: - Virtual size: 248KB

.rsrc Size: 11KB - Virtual size: 11KB

fe3375e7e4529b73ba45ab2246b9269b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 681B

.data Size: 512B - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 352B

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

3b477381217c97b22146297f93df2a92

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 638B

439074d1c01f7b16781bdf060930814a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 126KB

.ndata
Size: - Virtual size: 248KB

.rsrc
Size: 11KB - Virtual size: 11KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 681B

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 352B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 927B

.data
Size: - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 254B

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 317KB - Virtual size: 317KB

.data
Size: 13KB - Virtual size: 23KB

.pdata
Size: 53KB - Virtual size: 53KB

.rsrc
Size: 479KB - Virtual size: 479KB

.reloc
Size: 7KB - Virtual size: 6KB