Malware-1[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Malware-1.zip
Size

2.1MB
MD5

17c624245f92ac5bfe4aa7b8b0a5fcf3
SHA1

5f81a3b2923f923a913144009ddb4440ad01c440
SHA256

2c5d003e79e09c518aa19b703b9256a1d99dbae7f78ca06c1525114c5e521793
SHA512

81684ecead216eb4e912c1a8898f47c57e1c54ba03c47c10e8f4373ab9fecffd241d1fd6a5a6f736fb210d50bee5c6d1a770c27c2d1850e1daea8398bc365cd1
SSDEEP

49152:yf8ADgcm8vNoDZRTBakbtxxL3sdkxW5DS5zsmAoOWbB82+e8p:YDgcm5DTBX7xilS5zs3Wz+e8p

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/update.dll
unpack001/wsus.exe

Files

Malware-1.zip
.zip
update.dll
.dll windows:6 windows x64 arch:x64

e6b4c28f3feea2f44eca52f203e224c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

dbghelp

SymGetModuleBase64
SymFunctionTableAccess64
StackWalk64
SymFromAddr
SymInitialize
SymGetOptions
SymSetOptions

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winhttp

WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
BuildSecurityDescriptorW
RegSetKeyValueW
RegGetValueA
SystemFunction036

kernel32

GetCommandLineA
HeapSize
GetCurrentDirectoryW
SetStdHandle
GetCommandLineW
GetTimeZoneInformation
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
FlushFileBuffers
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitOnceExecuteOnce
GetSystemTime
SystemTimeToFileTime
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
RaiseException
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
WaitForSingleObject
CreateThread
GetThreadId
GetModuleHandleA
GetCurrentProcess
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
GetLastError
GetModuleFileNameW
GetModuleFileNameA
GetCurrentProcessId
VirtualQuery
FreeLibrary
LoadLibraryExW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
TerminateProcess
RtlCaptureStackBackTrace
GetCurrentThread
CreateFileW
GetFileAttributesW
LockFileEx
SetEndOfFile
UnlockFileEx
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
SetEvent
SleepEx
CreateEventW
Sleep
GetCurrentThreadId
CreateProcessW
OpenProcess
GetVersion
GetModuleHandleW
WerRegisterRuntimeExceptionModule
GetFileSizeEx
ReadFile
SetFilePointerEx
WriteFile
FindFirstFileExW
GetFileTime
LoadLibraryW
SetLastError
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetSystemTimeAsFileTime
LocalFree
OutputDebugStringW
GetLocalTime
FormatMessageW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InitOnceBeginInitialize
InitOnceComplete
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetFullPathNameW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetConsoleCtrlHandler
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
HeapReAlloc
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW

Exports

Exports

sentry_add_breadcrumb
sentry_capture_event
sentry_clear_crashed_last_run
sentry_clear_modulecache
sentry_close
sentry_end_session
sentry_envelope_free
sentry_envelope_get_event
sentry_envelope_get_transaction
sentry_envelope_serialize
sentry_envelope_write_to_file
sentry_event_add_exception
sentry_event_add_thread
sentry_event_value_add_stacktrace
sentry_flush
sentry_free
sentry_get_crashed_last_run
sentry_get_modules_list
sentry_handle_exception
sentry_init
sentry_malloc
sentry_new_function_transport
sentry_options_add_attachment
sentry_options_add_attachmentw
sentry_options_free
sentry_options_get_auto_session_tracking
sentry_options_get_ca_certs
sentry_options_get_debug
sentry_options_get_dist
sentry_options_get_dsn
sentry_options_get_environment
sentry_options_get_http_proxy
sentry_options_get_max_breadcrumbs
sentry_options_get_max_spans
sentry_options_get_release
sentry_options_get_require_user_consent
sentry_options_get_sample_rate
sentry_options_get_shutdown_timeout
sentry_options_get_symbolize_stacktraces
sentry_options_get_traces_sample_rate
sentry_options_get_transport_thread_name
sentry_options_new
sentry_options_set_auto_session_tracking
sentry_options_set_backend
sentry_options_set_before_send
sentry_options_set_ca_certs
sentry_options_set_database_path
sentry_options_set_database_pathw
sentry_options_set_debug
sentry_options_set_dist
sentry_options_set_dsn
sentry_options_set_environment
sentry_options_set_handler_path
sentry_options_set_handler_pathw
sentry_options_set_http_proxy
sentry_options_set_logger
sentry_options_set_max_breadcrumbs
sentry_options_set_max_spans
sentry_options_set_on_crash
sentry_options_set_release
sentry_options_set_require_user_consent
sentry_options_set_sample_rate
sentry_options_set_shutdown_timeout
sentry_options_set_symbolize_stacktraces
sentry_options_set_system_crash_reporter_enabled
sentry_options_set_traces_sample_rate
sentry_options_set_transport
sentry_options_set_transport_thread_name
sentry_reinstall_backend
sentry_remove_context
sentry_remove_extra
sentry_remove_fingerprint
sentry_remove_tag
sentry_remove_user
sentry_sdk_name
sentry_sdk_user_agent
sentry_sdk_version
sentry_set_context
sentry_set_extra
sentry_set_fingerprint
sentry_set_level
sentry_set_span
sentry_set_tag
sentry_set_transaction
sentry_set_transaction_object
sentry_set_user
sentry_shutdown
sentry_span_finish
sentry_span_iter_headers
sentry_span_remove_data
sentry_span_remove_tag
sentry_span_set_data
sentry_span_set_status
sentry_span_set_tag
sentry_span_start_child
sentry_start_session
sentry_transaction_context_new
sentry_transaction_context_remove_sampled
sentry_transaction_context_set_name
sentry_transaction_context_set_operation
sentry_transaction_context_set_sampled
sentry_transaction_context_update_from_header
sentry_transaction_finish
sentry_transaction_iter_headers
sentry_transaction_remove_data
sentry_transaction_remove_tag
sentry_transaction_set_data
sentry_transaction_set_name
sentry_transaction_set_status
sentry_transaction_set_tag
sentry_transaction_start
sentry_transaction_start_child
sentry_transport_free
sentry_transport_new
sentry_transport_set_flush_func
sentry_transport_set_free_func
sentry_transport_set_shutdown_func
sentry_transport_set_startup_func
sentry_transport_set_state
sentry_unwind_stack
sentry_unwind_stack_from_ucontext
sentry_user_consent_get
sentry_user_consent_give
sentry_user_consent_reset
sentry_user_consent_revoke
sentry_uuid_as_bytes
sentry_uuid_as_string
sentry_uuid_from_bytes
sentry_uuid_from_string
sentry_uuid_is_nil
sentry_uuid_new_v4
sentry_uuid_nil
sentry_value_append
sentry_value_as_double
sentry_value_as_int32
sentry_value_as_string
sentry_value_decref
sentry_value_freeze
sentry_value_get_by_index
sentry_value_get_by_index_owned
sentry_value_get_by_key
sentry_value_get_by_key_owned
sentry_value_get_length
sentry_value_get_type
sentry_value_incref
sentry_value_is_frozen
sentry_value_is_null
sentry_value_is_true
sentry_value_new_bool
sentry_value_new_breadcrumb
sentry_value_new_double
sentry_value_new_event
sentry_value_new_exception
sentry_value_new_int32
sentry_value_new_list
sentry_value_new_message_event
sentry_value_new_null
sentry_value_new_object
sentry_value_new_stacktrace
sentry_value_new_string
sentry_value_new_thread
sentry_value_refcount
sentry_value_remove_by_index
sentry_value_remove_by_key
sentry_value_set_by_index
sentry_value_set_by_key
sentry_value_set_stacktrace
sentry_value_to_json
sentry_value_to_msgpack

Sections

.text
Size: 397KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

0dRs
Size: 304KB - Virtual size: 308KB

IMAGE_SCN_MEM_READ
wsus.exe
.exe windows:6 windows x64 arch:x64

b110cc94f957d8443640d5de2ee1f585

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Jenkins\workspace\consumer-12-0-1-service\bin\Release\x64\ViprePPLSvc.pdb

Imports

kernel32

GetLocalTime
GetTimeZoneInformation
FileTimeToLocalFileTime
SetLastError
GetDriveTypeW
LocalFree
EnterCriticalSection
FileTimeToSystemTime
LeaveCriticalSection
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
WideCharToMultiByte
OutputDebugStringA
GetModuleHandleExW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
lstrcmpA
GlobalGetAtomNameW
GlobalAddAtomW
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
LoadLibraryExW
lstrcmpiW
EncodePointer
CompareStringW
GetLocaleInfoW
GetUserDefaultUILanguage
GlobalFlags
lstrcmpW
SetThreadPriority
ResumeThread
GlobalDeleteAtom
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
FreeResource
GlobalFindAtomW
GetCurrentDirectoryW
VirtualProtect
lstrcpyW
GetTempFileNameW
GetTempPathW
GetTickCount
GetProfileIntW
SearchPathW
GetUserDefaultLCID
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentProcessId
OutputDebugStringW
LCMapStringW
GetStringTypeW
GetCPInfo
OpenEventW
RtlUnwindEx
RtlPcToFileHeader
GetStdHandle
GetFileType
WriteConsoleW
MoveFileExW
GetFileInformationByHandle
PeekNamedPipe
HeapQueryInformation
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetCommandLineW
GetSystemInfo
VirtualAlloc
VirtualQuery
QueryPerformanceFrequency
SetStdHandle
ExitProcess
GetACP
GetConsoleMode
SetFilePointerEx
GetConsoleCP
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetVersionExW
FreeLibrary
LoadLibraryW
GetCurrentProcess
GetCurrentThreadId
VerifyVersionInfoW
VerSetConditionMask
FindFirstFileExW
MultiByteToWideChar
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesW
GetWindowsDirectoryW
GetFileSize
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FindResourceExW
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
InstallELAMCertificateInfo
CreateFileW
Sleep
QueueUserWorkItem
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteFileW
CopyFileW
GetSystemDirectoryW
WaitForSingleObject
CreateEventW
CloseHandle
SetEvent
FormatMessageW
LocalAlloc
GetModuleHandleW
GetProcAddress
WaitForMultipleObjects
GetLastError
OpenProcess
InitializeSListHead
GetModuleFileNameW

user32

DestroyMenu
GetMenuItemInfoW
InflateRect
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetAsyncKeyState
MapDialogRect
IntersectRect
TrackMouseEvent
LoadImageW
CreatePopupMenu
GetMenuDefaultItem
GetNextDlgGroupItem
SetCapture
ReleaseCapture
WindowFromPoint
DrawFocusRect
IsRectEmpty
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
MapVirtualKeyW
GetKeyNameTextW
LoadMenuW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongPtrW
SetWindowRgn
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
DrawFrameControl
IsZoomed
GetSystemMenu
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
DrawIcon
UnionRect
UpdateLayeredWindow
MonitorFromPoint
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
WaitMessage
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetWindowDC
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
GetDlgItem
SetWindowPos
MoveWindow
ShowWindow
IsWindow
EndDialog
SetScrollPos
SetFocus
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RealChildWindowFromPoint
GetWindow
GetClassNameW
GetDesktopWindow
PtInRect
ClientToScreen
GetWindowRect
SetWindowTextW
GetFocus
GetDlgCtrlID
CharUpperW
DestroyIcon
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
GetWindowThreadProcessId
GetParent
GetWindowLongW
MessageBoxW
IsWindowEnabled
EnableWindow
SendMessageW
LoadCursorW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
UnhookWindowsHookEx
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetTopWindow
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
EqualRect
CopyRect
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetClientRect
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
CheckDlgButton
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetNextDlgTabItem
CreateDialogIndirectParamW
InvalidateRect
KillTimer
SetTimer
DeleteMenu
SetCursor
ShowOwnedPopups
SystemParametersInfoW
CopyImage
GetScrollPos
FillRect
GetMessagePos
RegisterWindowMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
SetForegroundWindow
IsIconic
PostQuitMessage
PostMessageW
IsDialogMessageW
SetWindowLongW
GetUpdateRect
GetClassInfoW

advapi32

CryptReleaseContext
SetSecurityDescriptorDacl
MakeSelfRelativeSD
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
FreeSid
AllocateAndInitializeSid
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
NotifyServiceStatusChangeW
DeleteService
QueryServiceStatus
ControlService
OpenServiceW
CloseServiceHandle
ChangeServiceConfig2W
CreateServiceW
OpenSCManagerW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHAppBarMessage
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
SHGetFileInfoW
SHGetFolderPathW
SHCreateDirectoryExW

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRun
OleLockRunning
CoUninitialize
CoCreateInstance
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoInitialize
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysFreeString
GetErrorInfo
VariantChangeType
VariantCopy
LoadTypeLi
SysStringLen
VarBstrFromDate

msimg32

TransparentBlt
AlphaBlend

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
StrFormatKBSizeW

uxtheme

CloseThemeData
OpenThemeData
DrawThemeBackground
GetThemeColor
DrawThemeParentBackground
GetThemePartSize
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName
IsAppThemed
GetWindowTheme
DrawThemeText

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

gdiplus

GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipDeleteGraphics
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipBitmapUnlockBits
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImagePixelFormat

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

gdi32

MoveToEx
TextOutW
ExtTextOutW
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
CombineRgn
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
GetObjectW
SetTextColor
SetBkColor
CreateBitmap
DeleteObject
GetDeviceCaps
CreateDCW
SetViewportExtEx
CreateRectRgnIndirect
GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
CreateCompatibleBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
GetTextMetricsW
DPtoLP
SetRectRgn
PatBlt
CopyMetaFileW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 788KB - Virtual size: 788KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

TCW5$
Size: 304KB - Virtual size: 308KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6b4c28f3feea2f44eca52f203e224c5

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

version

winhttp

advapi32

kernel32

Exports

Exports

Sections

.text Size: 397KB - Virtual size: 396KB

.rdata Size: 115KB - Virtual size: 114KB

.data Size: 7KB - Virtual size: 13KB

.pdata Size: 23KB - Virtual size: 22KB

CPADinfo Size: 512B - Virtual size: 56B

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1024B - Virtual size: 1012B

.reloc Size: 3KB - Virtual size: 2KB

0dRs Size: 304KB - Virtual size: 308KB

b110cc94f957d8443640d5de2ee1f585

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msimg32

shlwapi

uxtheme

oleacc

gdiplus

imm32

winmm

gdi32

winspool.drv

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 788KB - Virtual size: 788KB

.data Size: 35KB - Virtual size: 95KB

.pdata Size: 99KB - Virtual size: 98KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 63KB - Virtual size: 62KB

TCW5$ Size: 304KB - Virtual size: 308KB

.text
Size: 397KB - Virtual size: 396KB

.rdata
Size: 115KB - Virtual size: 114KB

.data
Size: 7KB - Virtual size: 13KB

.pdata
Size: 23KB - Virtual size: 22KB

CPADinfo
Size: 512B - Virtual size: 56B

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1024B - Virtual size: 1012B

.reloc
Size: 3KB - Virtual size: 2KB

0dRs
Size: 304KB - Virtual size: 308KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 788KB - Virtual size: 788KB

.data
Size: 35KB - Virtual size: 95KB

.pdata
Size: 99KB - Virtual size: 98KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 63KB - Virtual size: 62KB

TCW5$
Size: 304KB - Virtual size: 308KB