relaydll[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

relaydll.7z
Size

1.6MB
MD5

90c656d25a9ea0783011462b7b1f966a
SHA1

c2ae58d14a266cc3e814e15604749ca5c40b23ee
SHA256

eafb37946265067dc436feeb9c78b6f8231e3bd03b43a480c0170d65d36c3a93
SHA512

9c1e3cc4b00396e6ede4eda833c9671905a27b4d43fce4909716c8f1d224533b3e275930cc907323392ebf05b4bce1e4f507e7ea2b0449785fa489dd10e75a6a
SSDEEP

24576:6AOQNvZBX58oTfN6hlNF5K2jd0WWXqu2dhw4HxyQYYxL5y+gjiWHq23FccDhzOT:6A3bXxfKDK2jOWPpdhwid4Fcca

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/UIxMarketPlugin.dll
unpack001/relay.dll

Files

relaydll.7z
.7z
UIxMarketPlugin.dll
.dll windows:5 windows x86 arch:x86

12fbd1bc75de00e13e4da8fd25e68e9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

C:\Users\ICP221\perforce\_perforce\Installer\UniversalInstaller\2.5.30\Project\UIxStandard\Win\Release\UIxMarketPlugin.pdb

Imports

kernel32

VerifyVersionInfoW
VerSetConditionMask
GetConsoleMode
GetConsoleCP
LCMapStringW
GetTimeZoneInformation
GetStringTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapDestroy
HeapCreate
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
ExitProcess
HeapQueryInformation
HeapSize
CreateThread
ExitThread
HeapReAlloc
RaiseException
RtlUnwind
HeapFree
GetCommandLineA
EncodePointer
DecodePointer
HeapAlloc
FindResourceExW
VirtualProtect
SearchPathW
Sleep
GetProfileIntW
GetTickCount
InitializeCriticalSectionAndSpinCount
GetTempPathW
GetTempFileNameW
GetNumberFormatW
GetWindowsDirectoryW
lstrcpyW
GetCurrentDirectoryW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
GetUserDefaultUILanguage
GetLocaleInfoW
InterlockedExchange
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
lstrcmpiW
GlobalFlags
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
LoadLibraryW
lstrcmpW
FileTimeToSystemTime
lstrlenA
lstrcmpA
GlobalGetAtomNameW
CompareStringW
InterlockedIncrement
GetModuleHandleW
GetProcAddress
WaitForSingleObject
GetCurrentThreadId
ResumeThread
SetThreadPriority
CloseHandle
MultiByteToWideChar
CopyFileW
GlobalSize
FormatMessageW
MulDiv
lstrlenW
WideCharToMultiByte
GetCurrentProcessId
FreeLibrary
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedDecrement
GetModuleFileNameW
ActivateActCtx
ReleaseActCtx
DeactivateActCtx
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
GetLastError
SetLastError

user32

SetCapture
MapVirtualKeyW
IsRectEmpty
CreatePopupMenu
GetMenuDefaultItem
RedrawWindow
SetLayeredWindowAttributes
EnumDisplayMonitors
KillTimer
SetTimer
DeleteMenu
ShowOwnedPopups
SetCursor
IntersectRect
InvalidateRect
SetRectEmpty
IsIconic
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
CharUpperW
DestroyIcon
GetDesktopWindow
RealChildWindowFromPoint
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
IsZoomed
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
GetAsyncKeyState
UpdateWindow
GetClientRect
PostMessageW
CreateWindowExW
SetWindowRgn
SetParent
ReleaseCapture
InvertRect
DrawFocusRect
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
HideCaret
EnableScrollBar
NotifyWinEvent
MessageBeep
GetNextDlgTabItem
OffsetRect
GetIconInfo
CopyImage
LoadImageW
GetNextDlgGroupItem
DrawIconEx
EndDialog
CreateDialogIndirectParamW
TranslateAcceleratorW
UnhookWindowsHookEx
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetParent
SendMessageW
GetWindowThreadProcessId
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
PostThreadMessageW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
DestroyAcceleratorTable
SetClassLongW
GetSystemMenu
LoadCursorW
GetWindowTextW
GetWindowTextLengthW
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindow
SetWindowPos
SetWindowLongW
GetMenu
DrawStateW
DrawEdge
DrawFrameControl
CopyAcceleratorTableW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
BringWindowToTop
InsertMenuItemW
LoadAcceleratorsW
LoadMenuW
ReuseDDElParam
UnpackDDElParam
SetRect
ShowScrollBar
WindowFromPoint
CreateAcceleratorTableW
SetCursorPos
LockWindowUpdate
GetKeyNameTextW
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
IsCharLowerW
MapVirtualKeyExW
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
GetWindowRgn
DestroyCursor
DrawIcon
MapDialogRect
SubtractRect
GetDoubleClickTime
CharUpperBuffW
CopyIcon
RegisterClipboardFormatW
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
SetMenuDefaultItem
CreateMenu
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
WaitMessage
SetMenu

gdi32

PtVisible
RectVisible
TextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateCompatibleBitmap
CreateRectRgnIndirect
SetRectRgn
CombineRgn
PatBlt
DPtoLP
CreateDIBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
GetWindowExtEx
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
OffsetRgn
GetRgnBox
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceW
CreatePalette
GetPixel
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
CreatePolygonRgn
GetLayout
GetDeviceCaps
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetTextExtentPoint32W
ExtTextOutW
BitBlt
CreateCompatibleDC
CreateFontIndirectW
DeleteObject
GetObjectW
SetBkColor
SetTextColor
CreateBitmap
CreateDCW
GetPaletteEntries
CopyMetaFileW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

comdlg32

GetFileTitleW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHAppBarMessage
SHBrowseForFolderW
DragQueryFileW
DragFinish
ShellExecuteW

ole32

OleRun
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree

oleaut32

VariantChangeType
VariantClear
SysFreeString
VarBstrFromDate
VariantInit
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathFindFileNameW

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat

msimg32

TransparentBlt
AlphaBlend

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

comctl32

ImageList_GetIconSize

Exports

Exports

MarketCreate
MarketRelease
_Finalize@0
_Initialize@4

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bigmouth.ai
nighttime.xlsx
relay.dll
.dll windows:5 windows x86 arch:x86

b621df906e0394d025a0242c6a967904

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

C:\Users\ICP221\perforce\_perforce\Installer\UniversalInstaller\2.5.30\Project\UIxStandard\Win\Release\relay.pdb

Imports

kernel32

InterlockedExchange
GetLocaleInfoW
GetUserDefaultUILanguage
GetFileAttributesExW
GetFileSizeEx
GetCurrentDirectoryW
GetWindowsDirectoryW
GetNumberFormatW
GetTempFileNameW
GetTempPathW
InitializeCriticalSectionAndSpinCount
GetTickCount
GetProfileIntW
SearchPathW
VirtualProtect
FindResourceExW
DecodePointer
GetCommandLineA
ExitThread
CreateThread
HeapAlloc
HeapFree
EncodePointer
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
HeapQueryInformation
ExitProcess
GetSystemTimeAsFileTime
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetTimeZoneInformation
GetStringTypeW
GetConsoleCP
GetConsoleMode
WriteConsoleW
SetEnvironmentVariableA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetFileSize
lstrcmpiW
GlobalFlags
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
lstrcmpW
lstrlenA
lstrcmpA
GlobalGetAtomNameW
CompareStringW
InterlockedIncrement
SetErrorMode
GetCurrentThreadId
ResumeThread
SetThreadPriority
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
InterlockedDecrement
ActivateActCtx
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
WideCharToMultiByte
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
lstrlenW
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
MultiByteToWideChar
GetFileTime
CreateFileW
GetProcAddress
FreeLibrary
LoadLibraryW
VerifyVersionInfoW
VerSetConditionMask
GetFileAttributesW
CopyFileW
FindClose
FindFirstFileW
lstrcpyW
ProcessIdToSessionId
GetCurrentProcessId
LocalFree
LocalAlloc
GetCurrentProcess
GetCurrentThread
CreateProcessW
GetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetModuleHandleW
Sleep
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetExitCodeProcess
WaitForSingleObject
GetProcessId
CloseHandle

user32

GetKeyboardState
CreateAcceleratorTableW
SetCursorPos
LockWindowUpdate
GetKeyNameTextW
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
IsCharLowerW
MapVirtualKeyExW
UnionRect
UpdateLayeredWindow
MonitorFromPoint
IsMenu
PostThreadMessageW
WaitMessage
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
SubtractRect
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
CopyImage
GetIconInfo
OffsetRect
GetNextDlgTabItem
MessageBeep
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
ReleaseCapture
GetAsyncKeyState
SetCapture
MapVirtualKeyW
IsRectEmpty
CreatePopupMenu
GetMenuDefaultItem
RedrawWindow
SetLayeredWindowAttributes
EnumDisplayMonitors
KillTimer
DeleteMenu
ShowOwnedPopups
SetCursor
InvalidateRect
SetRectEmpty
IsIconic
IntersectRect
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
CharUpperW
DestroyIcon
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetDesktopWindow
RealChildWindowFromPoint
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetKeyboardLayout
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetClientRect
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetWindowRect
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassW
SetWindowsHookExW
CallNextHookEx
GetActiveWindow
IsWindowVisible
SendMessageW
FindWindowExW
PostMessageW
RegisterClassExW
CreateWindowExW
GetSystemMetrics
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetClassNameW
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
DefWindowProcW
ToUnicodeEx
CopyAcceleratorTableW
DrawFrameControl
DrawEdge
DrawStateW
GetSystemMenu
SetClassLongW
DestroyAcceleratorTable
SetWindowRgn
SetParent
IsZoomed
WindowFromPoint
SetRect
UnpackDDElParam
ReuseDDElParam
LoadMenuW
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
CreateDialogIndirectParamW
EndDialog
DrawIconEx
GetNextDlgGroupItem
GetCapture
LoadImageW
SetTimer

msimg32

TransparentBlt
AlphaBlend

comctl32

ImageList_GetIconSize

shlwapi

PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

netapi32

NetUserGetInfo
NetApiBufferFree

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

gdi32

SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
GetLayout
SetTextAlign
MoveToEx
LineTo
GetClipBox
SetMapMode
ExtSelectClipRgn
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetROP2
SetPolyFillMode
SetBkMode
DeleteDC
CreatePatternBrush
CreateCompatibleDC
RestoreDC
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
IntersectClipRect
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
SetRectRgn
CombineRgn
PatBlt
DPtoLP
CreateCompatibleBitmap
CreateDIBitmap
GetTextMetricsW
EnumFontFamiliesW
GetTextCharsetInfo
GetBkColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
OffsetRgn
GetRgnBox
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceW
ExcludeClipRect
CreateHatchBrush
SaveDC
DeleteObject
GetObjectW
SetBkColor
SetTextColor
CreateBitmap
CreateDCW
CopyMetaFileW
ScaleWindowExtEx
SetWindowExtEx
GetStockObject
GetDeviceCaps
OffsetWindowOrgEx

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

comdlg32

GetFileTitleW

advapi32

FreeSid
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
DuplicateToken
OpenProcessToken
OpenThreadToken
AccessCheck
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW

shell32

SHAppBarMessage
DragQueryFileW
DragFinish
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW
ShellExecuteExW
SHBrowseForFolderW

ole32

OleGetClipboard
CoLockObjectExternal
RevokeDragDrop
DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoTaskMemFree
CreateStreamOnHGlobal
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
RegisterDragDrop

oleaut32

VariantClear
VariantChangeType
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringLen
VarBstrFromDate
VariantInit
SysAllocString

Exports

Exports

Cancel
Finalize
Initialize
PrepareRun
Run

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12fbd1bc75de00e13e4da8fd25e68e9a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

oleacc

gdiplus

msimg32

imm32

winmm

comctl32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 271KB - Virtual size: 270KB

.data Size: 23KB - Virtual size: 53KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 165KB - Virtual size: 164KB

b621df906e0394d025a0242c6a967904

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msimg32

comctl32

shlwapi

oleacc

gdiplus

imm32

winmm

netapi32

wtsapi32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 261KB - Virtual size: 260KB

.data Size: 22KB - Virtual size: 52KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 162KB - Virtual size: 161KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 271KB - Virtual size: 270KB

.data
Size: 23KB - Virtual size: 53KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 165KB - Virtual size: 164KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 261KB - Virtual size: 260KB

.data
Size: 22KB - Virtual size: 52KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 162KB - Virtual size: 161KB