sai-rus-pack-1[.]1[.]0-f1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

sai-rus-pack-1.1.0-f1.exe
Size

1.7MB
MD5

6d47c2d48383c758d083afabcaeb62e5
SHA1

bbf722a44095dc4c3bada8b32f3d1c9a63e0f72a
SHA256

ddb45b2b89f9d644a72824053ac168aff345b82b58c3ea0b6f28ae6810ce9733
SHA512

83cf7daa8187c76a57505cbde3e434698bbbc5e95b159813ba9430e3d6c1b5cd1f8f606fa0ccdc11b6c735692d316240e66d1bd2fb77447d951436cc642a5d1d
SSDEEP

49152:LdVpTcxPcFjnyo/xSStG6kMI9A5vUAGyFf:Xppjnyo5bMBR9A5sAhF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/start-sai.exe	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
sai-rus-pack-1.1.0-f1.exe
unpack001/sai.exe
unpack001/sfl.dll
unpack001/start-sai.exe
unpack002/out.upx
unpack001/uninstall.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninstall.exe	nsis_installer_1
static1/unpack001/uninstall.exe	nsis_installer_2

Files

sai-rus-pack-1.1.0-f1.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
blotmap/Fuzystatic.bmp
blotmap/Noise.bmp
blotmap/Spread.bmp
brushtex/Canvas.bmp
brushtex/Paper.bmp
do-it-yourself/TODO.txt
do-it-yourself/elemap-empty.psd
elemap/Bristle.bmp
elemap/Fine_Flat.bmp
elemap/Fine_Hollow.bmp
elemap/Fine_Pointy.bmp
elemap/Fine_Round_1.bmp
elemap/Fine_Round_2.bmp
elemap/Middle_Flat.bmp
elemap/Middle_Round.bmp
elemap/Rough_Flat.bmp
elemap/Rough_Round_1.bmp
elemap/Rough_Round_2.bmp
elemap/Rough_Vertical.bmp
elemap/Stringy_L.bmp
elemap/Stringy_M.bmp
elemap/Stringy_R.bmp
elemap/Stringy_S.bmp
elemap/Uneven_SR.bmp
elemap/xShape_Arrow.bmp
elemap/xShape_Cross.bmp
elemap/xShape_Cross_diss.bmp
elemap/xShape_HalfRound.bmp
history.txt
language.conf
misc.ini
papertex/Canvas.bmp
papertex/Paper.bmp
papertex/Watercolor A.bmp
papertex/Watercolor B.bmp
presetcvsize.conf
sai.exe
.exe windows:4 windows x86 arch:x86

b7006ec13967c8724f3605f407b925d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTime
FlushFileBuffers
GetFileInformationByHandle
GetPrivateProfileStringA
WritePrivateProfileStringA
GetVersionExA
GlobalMemoryStatus
GetCurrentProcess
LocalFree
LocalAlloc
GetSystemDirectoryA
InterlockedDecrement
GetLocalTime
WaitForSingleObject
RaiseException
UnmapViewOfFile
GetLongPathNameA
GetCurrentThread
WaitForMultipleObjects
GetWindowsDirectoryA
MapViewOfFile
SystemTimeToFileTime
GetModuleFileNameA
SetUnhandledExceptionFilter
GetSystemInfo
GetDiskFreeSpaceExA
GetFileSize
DeleteFileA
GetTempFileNameA
GetFileAttributesA
ExitProcess
Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
GetDriveTypeA
GlobalUnlock
FindNextFileA
FindClose
CompareFileTime
lstrlenA
GetStartupInfoA
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
CreateFileMappingA
WriteFile
LoadLibraryA
GetProcAddress
MultiByteToWideChar
FindResourceA
GlobalLock
GlobalAlloc
GlobalFree
WideCharToMultiByte
LockResource
LoadResource
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
MoveFileA
ReadFile
DeviceIoControl
CreateFileA
VirtualAlloc
VirtualFree
CloseHandle
GetLogicalDrives
GetVolumeInformationA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateDirectoryA
GetLastError
FindFirstFileA

user32

SetWindowPos
GetPropA
DispatchMessageA
TranslateMessage
GetMessageA
LoadMenuA
SetFocus
GetWindow
GetKeyState
GetFocus
GetAncestor
GetParent
GetDC
SendMessageA
ScreenToClient
EnumChildWindows
wsprintfA
ReleaseDC
EnumThreadWindows
ClientToScreen
SetForegroundWindow
PostMessageA
MessageBeep
PeekMessageA
LoadImageA
DrawIconEx
ReleaseCapture
SetCapture
ScrollWindowEx
DestroyMenu
GetCursorPos
AppendMenuA
CreatePopupMenu
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
CreateCaret
GetWindowPlacement
SetWindowPlacement
GetCursor
GetWindowThreadProcessId
DestroyWindow
SystemParametersInfoA
IsIconic
ScrollDC
IsWindowVisible
EndPaint
BeginPaint
GetUpdateRgn
EnableMenuItem
GetWindowRect
ShowWindow
GetSystemMetrics
GetDlgItem
CloseClipboard
EmptyClipboard
OpenClipboard
SetClipboardData
SetMenuItemInfoA
GetMenuItemInfoA
CheckMenuItem
DeleteMenu
IsClipboardFormatAvailable
ReplyMessage
IsWindowEnabled
IsZoomed
InsertMenuA
GetSystemMenu
CreateMenu
SetPropA
RemovePropA
WindowFromPoint
GetClipboardData
MessageBoxA
SetCursor
GetCapture
LoadCursorA

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
GetObjectA
GetTextExtentPoint32A
GetTextMetricsA
LineTo
MoveToEx
SetBkColor
SetBkMode
CreatePen
SetDIBitsToDevice
CreateCompatibleBitmap
OffsetRgn
CreateRectRgn
DeleteObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

GetUserNameA
GetNamedSecurityInfoA
GetAclInformation
GetAce
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

DragAcceptFiles
SHGetFileInfoA
SHGetPathFromIDListA
DragFinish
SHFileOperationA
DragQueryFileA
SHGetDataFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderPathA
SHBrowseForFolderA

ole32

DoDragDrop
CoTaskMemFree
CoCreateInstance
CoUninitialize
RevokeDragDrop
CoInitializeSecurity
CoInitializeEx
CoInitialize
RegisterDragDrop
CoSetProxyBlanket
ReleaseStgMedium
OleDuplicateData

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

sfl

splitbar_setrange
splitbar_create
win_tooltip
label
win_deferpos
win_getdwp
splitbar_getnewrc
win_getwd
imgbtn_create
checkbox_getstate
treebox_showitem
treebox_openitem
treebox_setsel
ti_tnext
ti_top
ti_destroy
ti_additemex
ti_additem
ti_create
ui_setproc
gc_unlock
gc_strsz
bs_lock
gc_fill_rc
gc_putsex
gc_puts
trackbar_getval
trackbar_setval
trackbar_setrange
win_move
win_getsrc
reg_delval
li_additemex
reg_getdfp
reg_setdfp
tab_allok
tab_allcancel
editbox_getint
win_tabmode
win_tabbtnmap
win_tabprsmin
editbox_getstr
reg_getstr
reg_setstr
thread_stop
thread_start
win_setwrc
dblclk_test
da_calloc_x
_unlock@4
_lock@4
event_set
event_create
_lock_open@4
da_create_x
listbox_redraw
event_wait
da_destroy_x
_lock_close@4
event_destroy
listbox_setdragdist
win_setdragscroll
sflSetScrollPos
treebox_setindent
treebox_setdragdist
ui_setdata
treebox_hititem
gc_box_se
gc_fill_se
sflTrackPopupMenu
listbox_hititem
listbox_showitem
gc_box
ui_sethitrc
checkbox_push
droplist_select
checkbox_setimage
imgbtn_setstate
gc_bltex
gc_setfont
bm_circle
gc_lock
rect_copy
vm_malloc_x
drag_start
rect_hit
bit_tst
label_fgcol
bm_pset
bit_set
bm_line
bm_erase
bit_clr
rect_nrmdir
bm_unmap
bm_map
bm_inneredge
bm_box
bm_fill
drag_init
drag_test
radio_clr
performance_e
bm_contract
bm_or
bm_expand
performance_s
bm_destroy
bm_create
treebox_redraw
mem_setq
mem_setb
gm_or
gm_xor
gc_vas
gm_vas
gm_destroy
apr_adjustrect
apr_metrics
gc_resize
gm_resize
vm_calloc_x
tmpstrm_create
tmpstrm_close
tmpstrm_awb_start
tmpstrm_awb_stop
tmpstrm_geteof
tmpstrm_seek
tmpstrm_read
tmpstrm_settof
tmpstrm_seteof
tmpstrm_write
tmpstrm_getpos
rect_offset
vm_map_x
vm_free_x
g_tid_wintab
except_setwin
except_getlist
bit_sets
bit_scan0clr
splitbar_setpos
bit_scan1
gm_fill
win_redraw_wh
apr_setexstyle
apr_setstyle
menubar_setmdichild
win_getdata
sflSetScrollInfo
apr_isactive
sflGetScrollInfo
win_timer
win_tabdata
win_tabfilter
win_tabrecv
gc_blt_rc
rgn_extract
win_enablechild
radio_set
imgbtn_setimgpos
fini_sfl
apr_destroy
thread_priority
apr_load_menu
apr_load_menubar
apr_load_vsb
apr_load_hsb
apr_load_client
apr_load_frame
mpu_info
init_sfl
except_setlogproc
mutex_create
treebox_setitemsize
label_settext
label_bgcol
wintab_dispchg
wintab_disable
wintab_enable
apr_getmaxrect
apr_getstyle
win_quit
tooltip_fini
wintab_close
splitbar_setorg
menubar_getht
apr_getcrc
menubar_create
wintab_open
tooltip_init
menubar_setmenu
gc_patfill
apr_setmaxsize
radio_settoggle
ui_format
win_defershow
win_iscurthread
tooltip_show
tooltip_hide
win_getht
gc_halftone
apr_isenabled
editbox_getdfp
editbox_setdfp
droplist_setdirection
reg_getbin
reg_setbin
editbox_setint
win_gettext
droplist_getsel
editbox_selall
droplist_setsel
sflDefWindowProc
sflGetWindowLong
win_enable
win_update
win_post
win_destroy
apr_monrc
win_create_ex
button_create
label_create
editbox_create
treebox_create
droplist_create
droplist_setitemsize
trackbar_create
checkbox_create
radio_create
groupbox_create
tab_create
ui_create
da_free_x
rect_wh
rect_and
mem_setw
mem_setd
rect_or
gc_destroy
mem_malloc_x
gc_pixmap
gm_pixmap
str_get
li_remove
li_append
li_free
checkbox_setstate
slider_setcol
sflGetScrollPos
win_getcrc
win_deferpos_begin
win_getwrc
win_deferwrc
win_defermove
win_deferpos_end
ui_detach
li_destroy
reg_getint
apr_setminsize
listbox_create
li_create
li_additem
listbox_setsel
picture_create
picture_setscale
picture_setpm
picture_setscroll
slider_create
slider_readonly
slider_setrange
slider_setval
win_show
win_send
reg_setint
win_redraw
win_settext
uih
ui_attach
radio_push
rect_se
mem_calloc_x
da_malloc_x
mem_free
except_filter
splitbar_getpos
editbox_setstr
win_size
tab_getselhwnd
listbox_setcols
listbox_setrows
gc_blt
gc_fill
tab_getsel
gc_loadbmp
tab_update
bit_scan0
tab_setsel
bm_ptr
listbox_setitemsize

msvcrt

floor
strncat
_strnicmp
qsort
fputws
fputwc
fgetwc
_vsnprintf
fgets
fprintf
_stricmp
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
rand
calloc
sscanf
ftell
_seh_longjmp_unwind
_setjmp3
malloc
free
_filelength
fread
fseek
_ftol
fopen
fwrite
fclose
_makepath
_hypot
_CIpow
_copysign
srand
time
atoi
fputs
fgetws
strtol
_exit
_XcptFilter
exit
_acmdln
__getmainargs
__setusermatherr
_adjust_fdiv
__p__commode
_splitpath
_snprintf
strncpy
__p__fmode
__set_app_type
_controlfp
__dllonexit
_onexit
_memicmp
abort
_iob
longjmp
fflush
strtod
_CxxThrowException
_initterm
_except_handler3
sprintf
??1type_info@@UAE@XZ

shlwapi

PathAddBackslashA
PathCanonicalizeA
PathStripPathA
PathRemoveBackslashA
PathRemoveFileSpecA
StrFormatByteSizeA
PathIsRelativeA

comctl32

ImageList_Draw
ImageList_DrawEx
ord17

imm32

ImmAssociateContext

imagehlp

MakeSureDirectoryPathExists

Sections

.text
Size: 752KB - Virtual size: 749KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 700KB - Virtual size: 699KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sfl.dll
.dll windows:4 windows x86 arch:x86

f81036e0afc91d8c06e09ae165d3b9d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalMemoryStatus
GetVersionExA
TlsAlloc
TlsGetValue
GlobalFree
TlsFree
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
MultiByteToWideChar
GetTickCount
GetSystemInfo
LoadLibraryA
GetProcAddress
SetEndOfFile
ReadFile
CreateFileA
SetFilePointer
WriteFile
Sleep
GetCurrentThreadId
GetCurrentProcess
GetProcessAffinityMask
QueryPerformanceFrequency
OutputDebugStringA
QueryPerformanceCounter
ReleaseMutex
CreateMutexA
GetLastError
ResetEvent
SetEvent
CreateEventA
SetThreadPriority
WaitForSingleObject
ResumeThread
SuspendThread
GetExitCodeThread
CloseHandle
GetSystemTimeAsFileTime
VirtualFree
VirtualQuery
VirtualAlloc
TlsSetValue

user32

BeginDeferWindowPos
MapWindowPoints
SetWindowTextA
SendNotifyMessageA
PostQuitMessage
RegisterWindowMessageA
ChildWindowFromPointEx
GetDlgItem
AppendMenuA
CreatePopupMenu
GetClipboardData
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetKeyState
DestroyCaret
HideCaret
ShowCaret
CreateCaret
SetCaretPos
ScrollWindowEx
GetUpdateRgn
GetWindow
IsChild
GetFocus
AdjustWindowRect
GetGuiResources
DeferWindowPos
EndDeferWindowPos
EnableWindow
MonitorFromWindow
GetMonitorInfoA
SystemParametersInfoA
EnumThreadWindows
SetActiveWindow
ClientToScreen
SetWindowRgn
EnumChildWindows
DrawIconEx
GetWindowTextA
IsWindowEnabled
ShowScrollBar
SetWindowPos
LoadIconA
GetParent
SetScrollPos
GetScrollPos
SetScrollInfo
GetScrollInfo
ScreenToClient
TrackPopupMenu
SetCapture
SetFocus
SetCursor
PeekMessageA
WaitMessage
WindowFromPoint
SetTimer
ReleaseCapture
DestroyMenu
GetAncestor
ShowWindow
UpdateWindow
GetWindowDC
GetMenuItemCount
GetMenuItemInfoA
GetClientRect
BeginPaint
EndPaint
SetPropA
GetWindowRect
MoveWindow
RemovePropA
RedrawWindow
KillTimer
GetSystemMenu
IsIconic
IsZoomed
EnableMenuItem
GetPropA
AdjustWindowRectEx
GetWindowThreadProcessId
SendMessageA
GetWindowLongA
SetWindowLongA
GetCursorPos
PostMessageA
SetCursorPos
mouse_event
DefWindowProcA
GetSystemMetrics
LoadCursorA
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
keybd_event
DrawTextA
FillRect
FrameRect
LoadImageA
GetDC
ReleaseDC
GetCapture

gdi32

GetTextExtentPoint32W
CreateFontA
CreateFontIndirectW
ExtSelectClipRgn
ExtCreateRegion
OffsetRgn
CreateRectRgnIndirect
CombineRgn
SaveDC
CreateRectRgn
SelectClipRgn
RestoreDC
GetRegionData
GetTextMetricsA
SetTextColor
TextOutA
SetDIBitsToDevice
PatBlt
CreateSolidBrush
CreatePen
MoveToEx
LineTo
GetObjectA
BitBlt
DeleteDC
CreateDIBSection
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
SetBkMode
GdiFlush
DeleteObject
ExtTextOutW

advapi32

RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA

msvcrt

malloc
calloc
realloc
free
_beginthreadex
fclose
fwrite
fopen
_vsnprintf
sprintf
atof
strncpy
_snprintf
_splitpath
_hypot
_ftol
tolower
atoi
_except_handler3
wcslen
wcscpy
strtol
_wcsupr
floor
strtod
_initterm
_adjust_fdiv
_memicmp
wcsncpy

imm32

ImmAssociateContextEx
ImmAssociateContext
ImmReleaseContext
ImmSetCompositionFontA
ImmGetContext
ImmSetCompositionWindow

Exports

Exports

_lock@4
_lock_close@4
_lock_open@4
_lock_openex@8
_lock_updpam@4
_unlock@4
apr_adjustrect
apr_destroy
apr_drawedge
apr_drawsb_dw
apr_drawsb_up
apr_getcrc
apr_getexstyle
apr_getmaxrect
apr_getmaxsize
apr_getminsize
apr_getstyle
apr_isactive
apr_isenabled
apr_load_border
apr_load_client
apr_load_frame
apr_load_hsb
apr_load_menu
apr_load_menubar
apr_load_vsb
apr_metrics
apr_monrc
apr_painthot
apr_setexstyle
apr_sethot
apr_setmaxsize
apr_setminsize
apr_setstyle
bit_clr
bit_clrs
bit_scan0
bit_scan0clr
bit_scan1
bit_scan1set
bit_set
bit_sets
bit_tst
bm_and
bm_box
bm_circle
bm_contract
bm_copy
bm_create
bm_destroy
bm_ellipse
bm_erase
bm_expand
bm_fill
bm_inneredge
bm_line
bm_map
bm_not
bm_or
bm_outeredge
bm_point
bm_pset
bm_ptr
bm_reserve
bm_resize
bm_unmap
bs_lock
button_create
button_setstate
checkbox_create
checkbox_getstate
checkbox_push
checkbox_setimage
checkbox_setstate
colsfl2win
da_calloc_x
da_commit_x
da_create_x
da_destroy_x
da_free_x
da_malloc_x
da_verbose_x
dblclk_test
drag_init
drag_start
drag_test
droplist_create
droplist_getsel
droplist_select
droplist_setdirection
droplist_setitemsize
droplist_setsel
editbox_create
editbox_getdfp
editbox_getint
editbox_getstr
editbox_selall
editbox_setdfp
editbox_setint
editbox_setstr
event_create
event_destroy
event_reset
event_set
event_wait
except_filter
except_getlist
except_setlogproc
except_setwin
fini_sfl
font_create
font_create_indirect
font_destroy
g_cntmap
g_szmap
g_szpage
g_tid_wintab
gc_addref
gc_bits
gc_blt
gc_blt_rc
gc_blt_se
gc_bltex
gc_box
gc_box_rc
gc_box_se
gc_destroy
gc_fill
gc_fill_rc
gc_fill_se
gc_halftone
gc_halftone_rc
gc_line
gc_loadbmp
gc_lock
gc_pat
gc_pat_rc
gc_pat_se
gc_patfill
gc_pixmap
gc_puts
gc_putsex
gc_relref
gc_resize
gc_savebmp
gc_setfont
gc_strsz
gc_strszex
gc_unlock
gc_vas
gm_and
gm_destroy
gm_fill
gm_lock
gm_or
gm_pixmap
gm_resize
gm_unlock
gm_vas
gm_xor
groupbox_create
imgbtn_create
imgbtn_setimgpos
imgbtn_setstate
init_sfl
label
label_bgcol
label_create
label_fgcol
label_settext
li_additem
li_additemex
li_append
li_create
li_destroy
li_find
li_free
li_insert
li_remove
li_seek
listbox_create
listbox_getcols
listbox_getrows
listbox_getsel
listbox_hititem
listbox_popup
listbox_redraw
listbox_scrollmargin
listbox_setcols
listbox_setdragdist
listbox_setitemsize
listbox_setrows
listbox_setsel
listbox_showitem
mem_calloc_x
mem_dup_x
mem_free
mem_malloc_x
mem_realloc_x
mem_setb
mem_setd
mem_setq
mem_setw
menubar_create
menubar_getht
menubar_setmdichild
menubar_setmenu
mpu_info
mutex_create
mutex_destroy
mutex_lock
mutex_unlock
performance_e
performance_s
performance_x
picture_create
picture_setpm
picture_setscale
picture_setscroll
radio_clr
radio_create
radio_push
radio_set
radio_settoggle
rect_and
rect_clip
rect_copy
rect_hit
rect_nrmdir
rect_offset
rect_or
rect_se
rect_wh
reg_close
reg_create
reg_delkey
reg_delval
reg_getbin
reg_getdfp
reg_getint
reg_getstr
reg_open
reg_setbin
reg_setdfp
reg_setint
reg_setkey
reg_setstr
rgn_extract
sflDefWindowProc
sflGetScrollInfo
sflGetScrollPos
sflGetWindowLong
sflSetScrollInfo
sflSetScrollPos
sflSetWindowLong
sflTrackPopupMenu
sfl_getskin
sfl_report
slider_create
slider_getval
slider_readonly
slider_setcol
slider_setrange
slider_setval
splitbar_create
splitbar_getnewrc
splitbar_getpos
splitbar_setorg
splitbar_setpos
splitbar_setrange
str_alloc
str_free
str_get
tab_allcancel
tab_allok
tab_create
tab_gethwnd
tab_getsel
tab_getselhwnd
tab_setsel
tab_update
thread_priority
thread_resume
thread_start
thread_stop
thread_suspend
thread_wait
ti_additem
ti_additemex
ti_append
ti_create
ti_destroy
ti_end
ti_find
ti_insert
ti_remove
ti_seek
ti_tnext
ti_top
ti_tprev
tmpstrm_awb_start
tmpstrm_awb_stop
tmpstrm_close
tmpstrm_create
tmpstrm_geteof
tmpstrm_getpos
tmpstrm_gettof
tmpstrm_read
tmpstrm_seek
tmpstrm_seteof
tmpstrm_settof
tmpstrm_write
tooltip_fini
tooltip_hide
tooltip_init
tooltip_show
trackbar_create
trackbar_getval
trackbar_setrange
trackbar_setval
treebox_create
treebox_getsel
treebox_hititem
treebox_markitem
treebox_openitem
treebox_redraw
treebox_scrollmargin
treebox_setdragdist
treebox_setindent
treebox_setitemsize
treebox_setminwd
treebox_setsel
treebox_showitem
ui_attach
ui_create
ui_detach
ui_format
ui_setdata
ui_sethitrc
ui_setproc
uih
vm_calloc_x
vm_commit_x
vm_decommit_x
vm_enum_first
vm_enum_next
vm_free_x
vm_malloc_x
vm_map_x
vm_touch
vm_verbose_x
win_create
win_create_ex
win_defermove
win_deferpos
win_deferpos_begin
win_deferpos_end
win_defershow
win_defersize
win_deferwrc
win_destroy
win_enable
win_enablechild
win_getcrc
win_getdata
win_getdwp
win_getht
win_getsrc
win_gettext
win_getwd
win_getwh
win_getwrc
win_iscurthread
win_loop
win_move
win_notify
win_post
win_quit
win_redraw
win_redraw_rc
win_redraw_wh
win_send
win_setdata
win_setdragscroll
win_settext
win_setwrc
win_setwrc_ex
win_show
win_size
win_spy
win_tabbtnmap
win_tabdata
win_tabfilter
win_tabmode
win_tabprsmin
win_tabrecv
win_timer
win_tooltip
win_update
win_update_ex
wintab_close
wintab_disable
wintab_dispchg
wintab_enable
wintab_open

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
start-sai.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
toolink/00.ini
toolink/01.ini
toolink/02.ini
toolink/03.ini
toolink/04.ini
toolink/05.ini
toolink/06.ini
toolink/07.ini
toolink/08.ini
toolink/09.ini
toolnrm/00.ini
toolnrm/01.ini
toolnrm/02.ini
toolnrm/03.ini
toolnrm/04.ini
toolnrm/05.ini
toolnrm/06.ini
toolnrm/07.ini
toolnrm/08.ini
toolnrm/09.ini
toolnrm/10.ini
toolnrm/12.ini
toolnrm/13.ini
toolnrm/14.ini
toolnrm/16.ini
toolnrm/17.ini
toolnrm/18.ini
toolnrm/19.ini
uninstall.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 19KB - Virtual size: 18KB

b7006ec13967c8724f3605f407b925d0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

sfl

msvcrt

shlwapi

comctl32

imm32

imagehlp

Sections

.text Size: 752KB - Virtual size: 749KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 96KB - Virtual size: 3.9MB

.rsrc Size: 700KB - Virtual size: 699KB

f81036e0afc91d8c06e09ae165d3b9d3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

imm32

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 144KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 296KB - Virtual size: 295KB

.reloc Size: 12KB - Virtual size: 8KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 60KB

UPX1 Size: 37KB - Virtual size: 40KB

.rsrc Size: 6KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 8KB - Virtual size: 5KB

7fa974366048f9c551ef45714595665e

Headers

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 19KB - Virtual size: 18KB

.text
Size: 752KB - Virtual size: 749KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 96KB - Virtual size: 3.9MB

.rsrc
Size: 700KB - Virtual size: 699KB

.text
Size: 148KB - Virtual size: 144KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 296KB - Virtual size: 295KB

.reloc
Size: 12KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 60KB

UPX1
Size: 37KB - Virtual size: 40KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 19KB - Virtual size: 18KB