9255031d4deb9fd48e07231839e72ae5ce6120cd42270dd36cf2bb2a0c4316e0

Sharing

Copy URL Twitter E-mail

General

Target

9255031d4deb9fd48e07231839e72ae5ce6120cd42270dd36cf2bb2a0c4316e0
Size

1.3MB
MD5

32ab6abe50b22a5b53d63890f2ae442d
SHA1

9f96ce567c11439e82d3d646a21e969329141297
SHA256

9255031d4deb9fd48e07231839e72ae5ce6120cd42270dd36cf2bb2a0c4316e0
SHA512

0621be4af4644141c0a3f52c2c2e25649646c759a5101d917fe33d1e11462461634a327f1a8984fdfb520b715f6d8e32f089541c9452a115af8b2e0c4589b7f0
SSDEEP

24576:wH40AALCADBZ8aB3OySTlaYTSjCL+zXEFNLD1P4AzmBPrEH7Q:opDB2G36xh2jCGXC1PFAl

Score

10^/10

upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 2 IoCs

resource	yara_rule
sample	UPX
static1/unpack001/Uninstall.exe	UPX

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx
static1/unpack001/Uninstall.exe	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
9255031d4deb9fd48e07231839e72ae5ce6120cd42270dd36cf2bb2a0c4316e0
unpack001/$0/Imagine.wcx64
unpack001/$0/Imagine.wlx64
unpack001/$0/Imagine64.dll
unpack001/$0/Imagine64.exe
unpack001/Imagine.wcx64
unpack001/Imagine.wlx64
unpack001/Imagine64.dll
unpack001/Imagine64.exe
unpack001/Uninstall.exe

Files

9255031d4deb9fd48e07231839e72ae5ce6120cd42270dd36cf2bb2a0c4316e0
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$0/Imagine.chm
.chm
$0/Imagine.wcx64
.dll windows:4 windows x64 arch:x64

5d63995d1bd61b212e35a61ebc32711a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryW
lstrcpyW
GetModuleFileNameW
FreeLibrary
FileTimeToDosDateTime
FileTimeToLocalFileTime
LocalAlloc
lstrcatW
LocalFree
lstrlenW

user32

GetForegroundWindow
wsprintfW

Exports

Exports

CanYouHandleThisFileW
CloseArchive
GetPackerCaps
OpenArchive
OpenArchiveW
PackFiles
PackFilesW
PackSetDefaultParams
ProcessFile
ProcessFileW
ReadHeader
ReadHeaderEx
ReadHeaderExW
SetChangeVolProc
SetChangeVolProcW
SetProcessDataProc
SetProcessDataProcW

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0/Imagine.wlx64
.dll windows:4 windows x64 arch:x64

a9ff84b50e81c54cd824f51e791b269f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
lstrcpyW
GetModuleFileNameW
FreeLibrary
GetProcAddress

Exports

Exports

ListGetDetectString
ListGetPreviewBitmapW
ListLoad
ListLoadNextW
ListLoadW
ListPrintW
ListSendCommand
ListSetDefaultParams

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0/Imagine64.dll
.dll regsvr32 windows:4 windows x64 arch:x64

8517ddc005d3dafa049bc22910271f4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
GetVersionExW
Sleep
GetCommandLineW
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
GetCurrentProcessId
GetExitCodeThread
CreateRemoteThread
Module32NextW
Module32FirstW
GetDateFormatW
EnumDateFormatsW
GetTimeFormatW
EnumTimeFormatsW
GetEnvironmentVariableW
GetPrivateProfileStringW
GetPrivateProfileStructW
WritePrivateProfileStructW
GetFullPathNameW
GetWindowsDirectoryW
__C_specific_handler
HeapReAlloc
lstrcmpiA
CreateFileA
GetDriveTypeA
SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
FlushFileBuffers
GetProfileStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
LCMapStringW
LCMapStringA
HeapDestroy
HeapCreate
HeapSetInformation
FlsAlloc
TlsSetValue
FlsFree
TlsFree
FlsGetValue
GetOEMCP
GetACP
GetCPInfo
GetCurrentDirectoryA
SetEndOfFile
GetConsoleMode
GetConsoleCP
SetLastError
IsDebuggerPresent
GetStartupInfoA
GetStdHandle
SetHandleCount
DeleteFileA
ExitProcess
GetModuleHandleA
RtlUnwindEx
GetVersionExA
GetCommandLineA
FlsSetValue
GetDriveTypeW
PeekNamedPipe
GetFileInformationByHandle
GetFileType
SetStdHandle
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
LoadLibraryA
LoadLibraryExW
FreeLibrary
CreateProcessW
WritePrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
OpenFileMappingW
OpenProcess
GetCurrentProcess
GetStartupInfoW
GetFileTime
SetFileTime
SetErrorMode
InitializeCriticalSection
GetUserDefaultLCID
DeleteCriticalSection
GetShortPathNameW
SystemTimeToFileTime
GetCurrentThreadId
MulDiv
lstrcpynW
SetCurrentDirectoryW
GetModuleFileNameW
GetTempPathW
EnterCriticalSection
LeaveCriticalSection
FindFirstChangeNotificationW
SetEvent
TerminateThread
CreateMutexW
CreateEventW
CreateThread
WaitForMultipleObjects
WaitForSingleObject
FindNextChangeNotification
ReleaseMutex
FindCloseChangeNotification
GetModuleHandleW
GetProcAddress
DeleteFileW
GetSystemTimeAsFileTime
CompareFileTime
ReadFile
SetFilePointer
CreateDirectoryW
MoveFileW
GetLastError
FormatMessageW
WriteFile
CreateFileW
GetFileSize
FindFirstFileW
FindNextFileW
FindClose
MultiByteToWideChar
DosDateTimeToFileTime
LocalFileTimeToFileTime
HeapFree
GetProcessHeap
HeapAlloc
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
CloseHandle
lstrcmpW
GetFileAttributesW
WideCharToMultiByte
lstrcmpiW
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpyW
lstrcatW
GetCurrentDirectoryW
LocalAlloc
LocalFree
lstrlenW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetTickCount

user32

SetCursorPos
SetClipboardViewer
ChangeClipboardChain
DrawStateW
GetMenuItemRect
GetWindowTextLengthW
GetWindowLongW
DrawFrameControl
PtInRect
GetScrollPos
WaitForInputIdle
GetKeyNameTextW
MapVirtualKeyW
GetWindowDC
CreateIconIndirect
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextW
EnumWindows
CreateAcceleratorTableW
WindowFromDC
GetAsyncKeyState
ShowScrollBar
DialogBoxIndirectParamW
SystemParametersInfoA
CreateDialogParamW
GetSystemMenu
FindWindowW
LoadStringW
wsprintfA
SendMessageA
IsWindowUnicode
SetWindowTextA
WinHelpW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
UnregisterHotKey
MessageBeep
RegisterHotKey
GetForegroundWindow
GetIconInfo
WindowFromPoint
GetWindowThreadProcessId
AttachThreadInput
GetCursor
CheckRadioButton
GetDlgCtrlID
GetCursorPos
IsRectEmpty
LoadIconW
EnumChildWindows
IsIconic
SetForegroundWindow
GetMessagePos
SystemParametersInfoW
GetMenuItemID
DeleteMenu
GetFocus
DrawEdge
GetSysColorBrush
ScreenToClient
GetDesktopWindow
GetWindowTextW
InflateRect
GetClassNameW
InsertMenuItemW
MapWindowPoints
IsDialogMessageW
IsWindowVisible
GetWindowPlacement
SetWindowPlacement
IsZoomed
GetCapture
ReleaseCapture
SetCapture
LoadImageW
DrawIconEx
GetDlgItemTextW
IsDlgButtonChecked
CheckDlgButton
SetDlgItemTextW
DrawFocusRect
KillTimer
BeginPaint
EndPaint
SetTimer
InsertMenuW
GetClassLongPtrW
SetClassLongPtrW
DestroyWindow
PostThreadMessageW
ShowWindow
UpdateWindow
GetMessageW
TranslateMessage
DispatchMessageW
GetClassInfoW
RegisterClassW
CreateWindowExW
DefWindowProcW
PostQuitMessage
SetFocus
GetWindow
EnableWindow
SetWindowTextW
AdjustWindowRectEx
GetMenu
GetSystemMetrics
GetMenuItemInfoW
PeekMessageW
ClientToScreen
PostMessageW
GetKeyState
CreatePopupMenu
SetMenuDefaultItem
AppendMenuW
GetSubMenu
TrackPopupMenu
IsClipboardFormatAvailable
LoadMenuW
SetMenu
SetMenuItemInfoW
CheckMenuItem
EnableMenuItem
TranslateAcceleratorW
DestroyAcceleratorTable
DestroyMenu
GetWindowRect
DrawMenuBar
MessageBoxW
SetScrollInfo
GetDlgItemInt
GetParent
SetDlgItemInt
SendDlgItemMessageW
OffsetRect
FillRect
InvalidateRect
DrawTextW
GetDC
ReleaseDC
LoadCursorW
SetCursor
GetSysColor
SetRect
GetScrollInfo
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
RegisterClipboardFormatW
DialogBoxParamW
DestroyIcon
EndDialog
SetWindowPos
GetClientRect
wsprintfW
CallWindowProcW
GetPropW
RemovePropW
GetWindowLongPtrW
SetPropW
SetWindowLongPtrW
GetDlgItem
IsWindow
SendMessageW
GetMenuItemCount

gdi32

CreateFontIndirectW
Rectangle
GetStockObject
SetROP2
GetObjectA
SetWindowOrgEx
GetPaletteEntries
CreateHalftonePalette
SetViewportExtEx
SetWindowExtEx
SetMapMode
DeleteDC
CreateDCW
AbortDoc
EndDoc
EndPage
StartPage
StartDocW
SetAbortProc
CreateSolidBrush
ExtTextOutW
SetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgnIndirect
GetCurrentObject
CreateRectRgn
RealizePalette
SelectPalette
StretchBlt
SetDIBitsToDevice
StretchDIBits
CreateDIBSection
CreatePalette
DeleteEnhMetaFile
PlayEnhMetaFile
GetEnhMetaFileHeader
SetEnhMetaFileBits
GetEnhMetaFileBits
CloseEnhMetaFile
CreateEnhMetaFileW
DeleteMetaFile
SetWinMetaFileBits
GetMetaFileBitsEx
SetMetaFileBitsEx
CloseMetaFile
CreateMetaFileW
GetICMProfileW
SetDIBits
SelectClipRgn
Polygon
GetTextExtentPoint32W
LPtoDP
CreatePen
MoveToEx
LineTo
GetDeviceCaps
SetTextColor
SetStretchBltMode
SetBrushOrgEx
CreateHatchBrush
DeleteObject
GetObjectW
BitBlt
SetBkMode
SelectObject

comctl32

PropertySheetW
ord17
ImageList_DrawEx
ImageList_Create
ImageList_GetIcon
ImageList_GetIconSize
ImageList_Add
ImageList_BeginDrag
ImageList_EndDrag
ImageList_Destroy
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_ReplaceIcon

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetPluginInterface
adler32
compress
crc32
deflate
deflateEnd
deflateInit2_
deflateInit_
get_crc_table
inflate
inflateBackInit_
inflateEnd
inflateInit2_
inflateInit_
inflateSyncPoint
jpeg_CreateCompress
jpeg_CreateDecompress
jpeg_abort_compress
jpeg_abort_decompress
jpeg_destroy_compress
jpeg_destroy_decompress
jpeg_finish_compress
jpeg_finish_decompress
jpeg_mem_src
jpeg_read_header
jpeg_read_scanlines
jpeg_resync_to_restart
jpeg_set_defaults
jpeg_set_quality
jpeg_simple_progression
jpeg_start_compress
jpeg_start_decompress
jpeg_std_error
jpeg_stdio_dest
jpeg_stdio_src
jpeg_write_scanlines
uncompress

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEXT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 731KB - Virtual size: 730KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 273KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/Imagine64.exe
.exe windows:4 windows x64 arch:x64

e29677b72fd207f54336f6b953c487d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ExitProcess
GetModuleHandleW
LocalFree
FormatMessageW
GetLastError
LoadLibraryW
lstrcpyW
GetModuleFileNameW
GetStartupInfoW
GetProcAddress
FreeLibrary
GetCommandLineW

user32

DispatchMessageW
TranslateMessage
GetMessageW
MessageBoxW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0/Language/Arabic.lng
$0/Language/Belarusian.lng
$0/Language/Bulgarian.lng
$0/Language/Croatian.lng
$0/Language/Czech.lng
$0/Language/Danish.lng
$0/Language/Estonian.lng
$0/Language/French.lng
$0/Language/German.lng
$0/Language/Hungarian.lng
$0/Language/Italiano.lng
$0/Language/Japanese.lng
$0/Language/Korean.lng
$0/Language/Nederlands.lng
$0/Language/Polish.lng
$0/Language/Portuguese (Brazil).lng
$0/Language/Portuguese (Portugal).lng
$0/Language/Romanian.lng
$0/Language/Russian.lng
$0/Language/SimplifiedChinese.lng
$0/Language/Slovenian.lng
$0/Language/Spanish.lng
$0/Language/Svenska.lng
$0/Language/TraditionalChinese.lng
$0/Language/Turkish.lng
$0/Language/Ukrainian.lng
$0/Language/Uzbek (O'zbekcha).lng
$0/PlugInst.inf
$0/Plugin/dir.txt
$0/Readme.txt
$0/Whatsnew.txt
Imagine.chm
.chm
Imagine.wcx64
.dll windows:4 windows x64 arch:x64

5d63995d1bd61b212e35a61ebc32711a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryW
lstrcpyW
GetModuleFileNameW
FreeLibrary
FileTimeToDosDateTime
FileTimeToLocalFileTime
LocalAlloc
lstrcatW
LocalFree
lstrlenW

user32

GetForegroundWindow
wsprintfW

Exports

Exports

CanYouHandleThisFileW
CloseArchive
GetPackerCaps
OpenArchive
OpenArchiveW
PackFiles
PackFilesW
PackSetDefaultParams
ProcessFile
ProcessFileW
ReadHeader
ReadHeaderEx
ReadHeaderExW
SetChangeVolProc
SetChangeVolProcW
SetProcessDataProc
SetProcessDataProcW

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Imagine.wlx64
.dll windows:4 windows x64 arch:x64

a9ff84b50e81c54cd824f51e791b269f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
lstrcpyW
GetModuleFileNameW
FreeLibrary
GetProcAddress

Exports

Exports

ListGetDetectString
ListGetPreviewBitmapW
ListLoad
ListLoadNextW
ListLoadW
ListPrintW
ListSendCommand
ListSetDefaultParams

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Imagine64.dll
.dll regsvr32 windows:4 windows x64 arch:x64

8517ddc005d3dafa049bc22910271f4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
GetVersionExW
Sleep
GetCommandLineW
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
GetCurrentProcessId
GetExitCodeThread
CreateRemoteThread
Module32NextW
Module32FirstW
GetDateFormatW
EnumDateFormatsW
GetTimeFormatW
EnumTimeFormatsW
GetEnvironmentVariableW
GetPrivateProfileStringW
GetPrivateProfileStructW
WritePrivateProfileStructW
GetFullPathNameW
GetWindowsDirectoryW
__C_specific_handler
HeapReAlloc
lstrcmpiA
CreateFileA
GetDriveTypeA
SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
FlushFileBuffers
GetProfileStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
LCMapStringW
LCMapStringA
HeapDestroy
HeapCreate
HeapSetInformation
FlsAlloc
TlsSetValue
FlsFree
TlsFree
FlsGetValue
GetOEMCP
GetACP
GetCPInfo
GetCurrentDirectoryA
SetEndOfFile
GetConsoleMode
GetConsoleCP
SetLastError
IsDebuggerPresent
GetStartupInfoA
GetStdHandle
SetHandleCount
DeleteFileA
ExitProcess
GetModuleHandleA
RtlUnwindEx
GetVersionExA
GetCommandLineA
FlsSetValue
GetDriveTypeW
PeekNamedPipe
GetFileInformationByHandle
GetFileType
SetStdHandle
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
LoadLibraryA
LoadLibraryExW
FreeLibrary
CreateProcessW
WritePrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
OpenFileMappingW
OpenProcess
GetCurrentProcess
GetStartupInfoW
GetFileTime
SetFileTime
SetErrorMode
InitializeCriticalSection
GetUserDefaultLCID
DeleteCriticalSection
GetShortPathNameW
SystemTimeToFileTime
GetCurrentThreadId
MulDiv
lstrcpynW
SetCurrentDirectoryW
GetModuleFileNameW
GetTempPathW
EnterCriticalSection
LeaveCriticalSection
FindFirstChangeNotificationW
SetEvent
TerminateThread
CreateMutexW
CreateEventW
CreateThread
WaitForMultipleObjects
WaitForSingleObject
FindNextChangeNotification
ReleaseMutex
FindCloseChangeNotification
GetModuleHandleW
GetProcAddress
DeleteFileW
GetSystemTimeAsFileTime
CompareFileTime
ReadFile
SetFilePointer
CreateDirectoryW
MoveFileW
GetLastError
FormatMessageW
WriteFile
CreateFileW
GetFileSize
FindFirstFileW
FindNextFileW
FindClose
MultiByteToWideChar
DosDateTimeToFileTime
LocalFileTimeToFileTime
HeapFree
GetProcessHeap
HeapAlloc
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
CloseHandle
lstrcmpW
GetFileAttributesW
WideCharToMultiByte
lstrcmpiW
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpyW
lstrcatW
GetCurrentDirectoryW
LocalAlloc
LocalFree
lstrlenW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetTickCount

user32

SetCursorPos
SetClipboardViewer
ChangeClipboardChain
DrawStateW
GetMenuItemRect
GetWindowTextLengthW
GetWindowLongW
DrawFrameControl
PtInRect
GetScrollPos
WaitForInputIdle
GetKeyNameTextW
MapVirtualKeyW
GetWindowDC
CreateIconIndirect
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextW
EnumWindows
CreateAcceleratorTableW
WindowFromDC
GetAsyncKeyState
ShowScrollBar
DialogBoxIndirectParamW
SystemParametersInfoA
CreateDialogParamW
GetSystemMenu
FindWindowW
LoadStringW
wsprintfA
SendMessageA
IsWindowUnicode
SetWindowTextA
WinHelpW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
UnregisterHotKey
MessageBeep
RegisterHotKey
GetForegroundWindow
GetIconInfo
WindowFromPoint
GetWindowThreadProcessId
AttachThreadInput
GetCursor
CheckRadioButton
GetDlgCtrlID
GetCursorPos
IsRectEmpty
LoadIconW
EnumChildWindows
IsIconic
SetForegroundWindow
GetMessagePos
SystemParametersInfoW
GetMenuItemID
DeleteMenu
GetFocus
DrawEdge
GetSysColorBrush
ScreenToClient
GetDesktopWindow
GetWindowTextW
InflateRect
GetClassNameW
InsertMenuItemW
MapWindowPoints
IsDialogMessageW
IsWindowVisible
GetWindowPlacement
SetWindowPlacement
IsZoomed
GetCapture
ReleaseCapture
SetCapture
LoadImageW
DrawIconEx
GetDlgItemTextW
IsDlgButtonChecked
CheckDlgButton
SetDlgItemTextW
DrawFocusRect
KillTimer
BeginPaint
EndPaint
SetTimer
InsertMenuW
GetClassLongPtrW
SetClassLongPtrW
DestroyWindow
PostThreadMessageW
ShowWindow
UpdateWindow
GetMessageW
TranslateMessage
DispatchMessageW
GetClassInfoW
RegisterClassW
CreateWindowExW
DefWindowProcW
PostQuitMessage
SetFocus
GetWindow
EnableWindow
SetWindowTextW
AdjustWindowRectEx
GetMenu
GetSystemMetrics
GetMenuItemInfoW
PeekMessageW
ClientToScreen
PostMessageW
GetKeyState
CreatePopupMenu
SetMenuDefaultItem
AppendMenuW
GetSubMenu
TrackPopupMenu
IsClipboardFormatAvailable
LoadMenuW
SetMenu
SetMenuItemInfoW
CheckMenuItem
EnableMenuItem
TranslateAcceleratorW
DestroyAcceleratorTable
DestroyMenu
GetWindowRect
DrawMenuBar
MessageBoxW
SetScrollInfo
GetDlgItemInt
GetParent
SetDlgItemInt
SendDlgItemMessageW
OffsetRect
FillRect
InvalidateRect
DrawTextW
GetDC
ReleaseDC
LoadCursorW
SetCursor
GetSysColor
SetRect
GetScrollInfo
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
RegisterClipboardFormatW
DialogBoxParamW
DestroyIcon
EndDialog
SetWindowPos
GetClientRect
wsprintfW
CallWindowProcW
GetPropW
RemovePropW
GetWindowLongPtrW
SetPropW
SetWindowLongPtrW
GetDlgItem
IsWindow
SendMessageW
GetMenuItemCount

gdi32

CreateFontIndirectW
Rectangle
GetStockObject
SetROP2
GetObjectA
SetWindowOrgEx
GetPaletteEntries
CreateHalftonePalette
SetViewportExtEx
SetWindowExtEx
SetMapMode
DeleteDC
CreateDCW
AbortDoc
EndDoc
EndPage
StartPage
StartDocW
SetAbortProc
CreateSolidBrush
ExtTextOutW
SetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgnIndirect
GetCurrentObject
CreateRectRgn
RealizePalette
SelectPalette
StretchBlt
SetDIBitsToDevice
StretchDIBits
CreateDIBSection
CreatePalette
DeleteEnhMetaFile
PlayEnhMetaFile
GetEnhMetaFileHeader
SetEnhMetaFileBits
GetEnhMetaFileBits
CloseEnhMetaFile
CreateEnhMetaFileW
DeleteMetaFile
SetWinMetaFileBits
GetMetaFileBitsEx
SetMetaFileBitsEx
CloseMetaFile
CreateMetaFileW
GetICMProfileW
SetDIBits
SelectClipRgn
Polygon
GetTextExtentPoint32W
LPtoDP
CreatePen
MoveToEx
LineTo
GetDeviceCaps
SetTextColor
SetStretchBltMode
SetBrushOrgEx
CreateHatchBrush
DeleteObject
GetObjectW
BitBlt
SetBkMode
SelectObject

comctl32

PropertySheetW
ord17
ImageList_DrawEx
ImageList_Create
ImageList_GetIcon
ImageList_GetIconSize
ImageList_Add
ImageList_BeginDrag
ImageList_EndDrag
ImageList_Destroy
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_ReplaceIcon

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetPluginInterface
adler32
compress
crc32
deflate
deflateEnd
deflateInit2_
deflateInit_
get_crc_table
inflate
inflateBackInit_
inflateEnd
inflateInit2_
inflateInit_
inflateSyncPoint
jpeg_CreateCompress
jpeg_CreateDecompress
jpeg_abort_compress
jpeg_abort_decompress
jpeg_destroy_compress
jpeg_destroy_decompress
jpeg_finish_compress
jpeg_finish_decompress
jpeg_mem_src
jpeg_read_header
jpeg_read_scanlines
jpeg_resync_to_restart
jpeg_set_defaults
jpeg_set_quality
jpeg_simple_progression
jpeg_start_compress
jpeg_start_decompress
jpeg_std_error
jpeg_stdio_dest
jpeg_stdio_src
jpeg_write_scanlines
uncompress

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEXT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 731KB - Virtual size: 730KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 273KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Imagine64.exe
.exe windows:4 windows x64 arch:x64

e29677b72fd207f54336f6b953c487d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ExitProcess
GetModuleHandleW
LocalFree
FormatMessageW
GetLastError
LoadLibraryW
lstrcpyW
GetModuleFileNameW
GetStartupInfoW
GetProcAddress
FreeLibrary
GetCommandLineW

user32

DispatchMessageW
TranslateMessage
GetMessageW
MessageBoxW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Language/Arabic.lng
Language/Belarusian.lng
Language/Bulgarian.lng
Language/Croatian.lng
Language/Czech.lng
Language/Danish.lng
Language/Estonian.lng
Language/French.lng
Language/German.lng
Language/Hungarian.lng
Language/Italiano.lng
Language/Japanese.lng
Language/Korean.lng
Language/Nederlands.lng
Language/Polish.lng
Language/Portuguese (Brazil).lng
Language/Portuguese (Portugal).lng
Language/Romanian.lng
Language/Russian.lng
Language/SimplifiedChinese.lng
Language/Slovenian.lng
Language/Spanish.lng
Language/Svenska.lng
Language/TraditionalChinese.lng
Language/Turkish.lng
Language/Ukrainian.lng
Language/Uzbek (O'zbekcha).lng
PlugInst.inf
Plugin/dir.txt
Readme.txt
Uninstall.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Whatsnew.txt

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 172KB

UPX1 Size: 18KB - Virtual size: 20KB

.rsrc Size: 7KB - Virtual size: 8KB

5d63995d1bd61b212e35a61ebc32711a

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: - Virtual size: 24B

.pdata Size: 512B - Virtual size: 336B

.rsrc Size: 1024B - Virtual size: 808B

a9ff84b50e81c54cd824f51e791b269f

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 753B

.data Size: - Virtual size: 16B

.pdata Size: 512B - Virtual size: 120B

.rsrc Size: 1024B - Virtual size: 808B

8517ddc005d3dafa049bc22910271f4b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comctl32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

TEXT Size: 1KB - Virtual size: 1KB

.rdata Size: 731KB - Virtual size: 730KB

.data Size: 30KB - Virtual size: 396KB

.pdata Size: 136KB - Virtual size: 136KB

.rsrc Size: 273KB - Virtual size: 273KB

.reloc Size: 14KB - Virtual size: 14KB

e29677b72fd207f54336f6b953c487d4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 940B

.pdata Size: 512B - Virtual size: 180B

.rsrc Size: 10KB - Virtual size: 10KB

5d63995d1bd61b212e35a61ebc32711a

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 172KB

UPX1
Size: 18KB - Virtual size: 20KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 24B

.pdata
Size: 512B - Virtual size: 336B

.rsrc
Size: 1024B - Virtual size: 808B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 753B

.data
Size: - Virtual size: 16B

.pdata
Size: 512B - Virtual size: 120B

.rsrc
Size: 1024B - Virtual size: 808B

.text
Size: 1.9MB - Virtual size: 1.9MB

TEXT
Size: 1KB - Virtual size: 1KB

.rdata
Size: 731KB - Virtual size: 730KB

.data
Size: 30KB - Virtual size: 396KB

.pdata
Size: 136KB - Virtual size: 136KB

.rsrc
Size: 273KB - Virtual size: 273KB

.reloc
Size: 14KB - Virtual size: 14KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 940B

.pdata
Size: 512B - Virtual size: 180B

.rsrc
Size: 10KB - Virtual size: 10KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 24B

.pdata
Size: 512B - Virtual size: 336B

.rsrc
Size: 1024B - Virtual size: 808B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 753B

.data
Size: - Virtual size: 16B

.pdata
Size: 512B - Virtual size: 120B

.rsrc
Size: 1024B - Virtual size: 808B

.text
Size: 1.9MB - Virtual size: 1.9MB

TEXT
Size: 1KB - Virtual size: 1KB

.rdata
Size: 731KB - Virtual size: 730KB

.data
Size: 30KB - Virtual size: 396KB

.pdata
Size: 136KB - Virtual size: 136KB

.rsrc
Size: 273KB - Virtual size: 273KB

.reloc
Size: 14KB - Virtual size: 14KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 940B

.pdata
Size: 512B - Virtual size: 180B

.rsrc
Size: 10KB - Virtual size: 10KB

UPX0
Size: - Virtual size: 172KB

UPX1
Size: 18KB - Virtual size: 20KB

.rsrc
Size: 7KB - Virtual size: 8KB