ammyyadmin | www[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

www.exe
Size

7.3MB
MD5

d67d29dfc872a069a1f6fe7eec57becb
SHA1

e47cf8238cfb8aa1012e5de1e44d46b23d867f97
SHA256

72b228f51cf5a1b7600f0e0848145e4e54e54838977a5a5b1c85f69b64b92cf5
SHA512

8302ebb02d97800dc6495101129930606a65096556b1d004b94d757a31d0c8935edca87d072d8c0059c055203bead0a2d59a0cf7150f6f954b0be0bfc9849dc7
SSDEEP

196608:ip8HWcQHIEwwLeowyyYqjNct2TW/rQk6CN1VayQUoD:xHWcKI3f8gN7TW/0k6CN1VWtD

Score

10^/10

macro macro_on_action ammyyadmin

Malware Config

Signatures

AmmyyAdmin payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack002/$APPDATA/Wlanspeed/outst.exe	family_ammyyadmin

Ammyyadmin family
ammyyadmin

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

Processes:

resource	yara_rule
static1/unpack001/test/0b627b4eca9b9e8bd04a0d1a103876f6e0fa91049fd0b51bae9ae41acaacf15b.doc	office_macro_on_action

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

Processes:

resource
static1/unpack001/test/0b627b4eca9b9e8bd04a0d1a103876f6e0fa91049fd0b51bae9ae41acaacf15b.doc

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/test/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
unpack001/test/fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f.exe
unpack002/$APPDATA/Wlanspeed/outst.exe
unpack002/$APPDATA/Wlanspeed/wlanspeed.exe
unpack002/$PLUGINSDIR/INetC.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsExec.dll
unpack002/$PROGRAMFILES/SinTech/TextEdit.exe

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
static1/unpack001/test/fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f.exe	nsis_installer_1
static1/unpack001/test/fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f.exe	nsis_installer_2

Files

www.exe
.zip
__MACOSX/._test
__MACOSX/test/._.DS_Store
__MACOSX/test/._0b627b4eca9b9e8bd04a0d1a103876f6e0fa91049fd0b51bae9ae41acaacf15b.doc
__MACOSX/test/._0dded430c1958ae0ec60c2d50ab99f562269ad1ee09db17606661bd55cd29c66.doc
__MACOSX/test/._91B5DB3C0CCBD68BD04C24571E27F99D.msi
__MACOSX/test/._ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
__MACOSX/test/._fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f.exe
test/.DS_Store
test/0b627b4eca9b9e8bd04a0d1a103876f6e0fa91049fd0b51bae9ae41acaacf15b.doc
.doc windows office2003

ThisDocument

ulwMK8UL

hCxOn1

ZP5AW

f
test/0dded430c1958ae0ec60c2d50ab99f562269ad1ee09db17606661bd55cd29c66.doc
.doc windows office2003

pXirGKdhzK

jwCWVLSqL
test/91B5DB3C0CCBD68BD04C24571E27F99D.msi
.msi .vbs polyglot
test/ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
.exe windows:4 windows x86 arch:x86

68f013d7437aa653a8a98a05807afeb1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
GetFileSizeEx
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
ReadFile
GetFileSize
WriteFile
LeaveCriticalSection
EnterCriticalSection
SetFileAttributesW
SetCurrentDirectoryW
CreateDirectoryW
GetTempPathW
GetWindowsDirectoryW
GetFileAttributesA
SizeofResource
LockResource
LoadResource
MultiByteToWideChar
Sleep
OpenMutexA
GetFullPathNameA
CopyFileA
GetModuleFileNameA
VirtualAlloc
VirtualFree
FreeLibrary
HeapAlloc
GetProcessHeap
GetModuleHandleA
SetLastError
VirtualProtect
IsBadReadPtr
HeapFree
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryA
GetStartupInfoA
SetFilePointer
SetFileTime
GetComputerNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalAlloc
LoadLibraryA
GetProcAddress
GlobalFree
CreateProcessA
CloseHandle
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
FindResourceA

user32

wsprintfA

advapi32

CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
CryptReleaseContext
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA

msvcrt

realloc
fclose
fwrite
fread
fopen
sprintf
rand
srand
strcpy
memset
strlen
wcscat
wcslen
__CxxFrameHandler
??3@YAXPAX@Z
memcmp
_except_handler3
_local_unwind2
wcsrchr
swprintf
??2@YAPAXI@Z
memcpy
strcmp
strrchr
__p___argv
__p___argc
_stricmp
free
malloc
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
calloc
strcat
_mbsstr
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
test/fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f.exe
.exe windows:4 windows x86 arch:x86

b78ecf47c0a3e24a6f4af114e2d1f5de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
GetFileAttributesA
SetFileAttributesA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
GetFullPathNameA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
GlobalUnlock
GetDiskFreeSpaceA
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/Wlanspeed/outst.exe
.exe windows:4 windows x86 arch:x86

4ce37a90a9a2fd90fcd2a0db88d60601

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError
send
recv
select
WSAStartup
getpeername
getservbyport
ntohs
gethostbyaddr
gethostbyname
getservbyname
htonl
inet_ntoa
inet_addr
WSAIoctl
connect
accept
htons
bind
listen
socket
__WSAFDIsSet
shutdown
setsockopt
ioctlsocket
WSACleanup
closesocket

user32

FindWindowA
OpenDesktopA
VkKeyScanExA
SendMessageTimeoutA
LoadIconA
IntersectRect
IsWindowVisible
GetIconInfo
GetCursorInfo
EqualRect
OpenInputDesktop
CloseDesktop
GetUserObjectInformationA
LoadKeyboardLayoutA
EmptyClipboard
SetClipboardData
RegisterClassExA
GetDesktopWindow
PeekMessageA
MsgWaitForMultipleObjects
mouse_event
MapVirtualKeyA
LockWorkStation
SetThreadDesktop
keybd_event
SetDlgItemTextA
SetDlgItemInt
GetKeyboardState
ToAsciiEx
DestroyAcceleratorTable
TranslateAcceleratorA
CreateAcceleratorTableA
SetWindowTextA
ReleaseCapture
SetCapture
GetAsyncKeyState
GetThreadDesktop
SystemParametersInfoW
SwitchToThisWindow
SendMessageA
FindWindowW
MessageBoxA
ShowWindow
wsprintfA
RegisterClassExW
DestroyCursor
MessageBeep
wsprintfW
SetCursorPos
GetClipboardOwner
OpenClipboard
GetClipboardData
CloseClipboard
ShowWindowAsync
SetScrollInfo
GetWindow
WindowFromPoint
ReleaseDC
GetDC
DestroyIcon
DrawIconEx
LoadImageA
EnableWindow
SetDlgItemTextW
DestroyWindow
SetWindowPos
SetClassLongW
InsertMenuItemW
ChangeClipboardChain
MapWindowPoints
InsertMenuItemA
EnumWindows
GetClassNameA
GetWindowTextA
KillTimer
GetWindowLongW
PostMessageA
DrawTextW
SetRect
ShowScrollBar
IsIconic
ScrollWindowEx
AdjustWindowRectEx
GetMenuState
GetWindowPlacement
SetWindowPlacement
GetSysColorBrush
AppendMenuW
SetClipboardViewer
SetWindowsHookExA
UnhookWindowsHookEx
DrawTextA
EndDialog
CreateDialogParamW
DialogBoxParamA
CallWindowProcW
CallWindowProcA
DefWindowProcA
IsWindowUnicode
GetSystemMenu
RedrawWindow
InvalidateRect
DrawStateA
DrawEdge
GetClientRect
CreateWindowExA
IsWindow
GetParent
GetWindowLongA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetActiveWindow
SetCursor
SetTimer
PostThreadMessageA
MoveWindow
BeginPaint
EndPaint
GetDlgItemInt
SendDlgItemMessageA
MapDialogRect
SetWindowLongA
ClientToScreen
LoadCursorA
RegisterClassW
CreateWindowExW
SetWindowLongW
UpdateWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
ScreenToClient
SetWindowTextW
SetMenu
LoadMenuA
GetMenuItemInfoA
SetMenuItemInfoA
GetSubMenu
SetMenuItemInfoW
GetMenuItemID
EnableMenuItem
GetMenuItemCount
CheckMenuItem
GetKeyState
SetForegroundWindow
SetFocus
GetFocus
PostQuitMessage
DefWindowProcW
CreatePopupMenu
GetCursorPos
TrackPopupMenu
GetSysColor
GetSystemMetrics
GetMenuItemInfoW
DrawMenuBar
AppendMenuA
DestroyMenu
MessageBoxW
GetDlgItem
SendMessageW
GetWindowRect
SystemParametersInfoA

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteA
SHGetMalloc
ShellExecuteExW
SHGetFolderPathA
SHGetFolderPathW
SHGetFileInfoW
ShellExecuteW
SHGetSpecialFolderPathW
Shell_NotifyIconA

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

msvcrt

_strnicmp
_strupr
_strlwr
_controlfp
_iob
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_wcsicmp
wcschr
__CxxFrameHandler
strlen
isspace
memchr
_errno
strtol
isdigit
strstr
memcpy
??2@YAPAXI@Z
_purecall
free
memset
malloc
sprintf
printf
fwrite
srand
time
_CxxThrowException
rand
atol
_stricmp
isprint
tolower
strncpy
atoi
abs
wcscpy
strcmp
strcpy
wcslen
memcmp
iswspace
wcsncmp
_wtoi
_ultow
_stat
strchr
_ftol
swprintf
strcat
strtoul
calloc
_rotl
_rotr
fopen
fread
fclose
fseek
ftell
fflush
wcsncpy
wcsrchr
vsprintf
vswprintf
memmove
strrchr
strncmp
mbstowcs
wcscmp
wcsstr
iswdigit
_beginthreadex
_endthreadex
atof
_i64tow
wcscat
realloc
exit
fprintf
sscanf
getenv
floor
fputc
_CIpow
_CIacos
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiClassGuidsFromNameA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

advapi32

RegOpenKeyExA
FreeSid
SetFileSecurityW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertSidToStringSidA
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExA
ImpersonateLoggedOnUser
RevertToSelf
GetUserNameA
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExA
SetServiceStatus
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
CreateServiceW
DeleteService
ControlService
StartServiceA
StartServiceW
RegCreateKeyExA
RegQueryValueExW
RegSetValueExW
RegSetValueExA
RegDeleteKeyA
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
SetEntriesInAclA
AllocateAndInitializeSid

shlwapi

PathGetDriveNumberA

kernel32

SizeofResource
LoadResource
LockResource
GetLocalTime
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetFileTime
GetFileTime
OpenMutexA
CreateMutexA
ResetEvent
FindResourceExA
OpenEventA
CreateEventA
ExitProcess
SetUnhandledExceptionFilter
GetSystemDirectoryA
CompareFileTime
GetSystemTimeAsFileTime
GetSystemDirectoryW
lstrcatW
LoadLibraryW
QueryPerformanceFrequency
ReadFile
QueryPerformanceCounter
GetExitCodeProcess
BeginUpdateResourceW
EndUpdateResourceW
UpdateResourceA
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
LoadLibraryA
FreeLibrary
GetFileSize
SetFilePointer
WriteFile
WaitForSingleObject
CreateThread
GetFileAttributesW
GetStartupInfoW
CreateProcessW
lstrcmpiW
lstrcmpW
MulDiv
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
GetComputerNameA
LocalAlloc
GetExitCodeThread
SystemTimeToFileTime
MoveFileW
DeleteFileW
GetTempPathW
CreateFileW
FindFirstFileW
FindClose
CreateFileA
DeviceIoControl
GetUserDefaultUILanguage
GetModuleHandleA
GetProcAddress
GetLocaleInfoA
CreateDirectoryW
SetCurrentDirectoryW
SetProcessShutdownParameters
GetVersionExA
GetCurrentProcess
GetLastError
CloseHandle
LocalFree
GetCurrentThreadId
GetCurrentProcessId
Sleep
GetTickCount
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrlenW
TerminateProcess
GlobalUnlock
GlobalLock
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
GlobalAlloc
GetDriveTypeW
RemoveDirectoryW
FindNextFileW
SetFileAttributesW
GetLogicalDrives
ProcessIdToSessionId
SleepEx
CreateDirectoryA
DeleteFileA
GlobalFree
IsBadReadPtr
lstrcmpA
LocalFileTimeToFileTime
WaitNamedPipeW
lstrcpyA
GetCurrentDirectoryA
FindResourceA
DuplicateHandle
CreateSemaphoreA
SetThreadPriority
TlsSetValue
GetCurrentThread
TlsAlloc
ResumeThread
TlsGetValue
InterlockedExchange
GetStartupInfoA
SetEvent
SetLastError

Sections

.text
Size: 519KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/Wlanspeed/wlanspeed.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

ܶ9��9d��ÜW�'t��0��U��8J�� Y[�)��ɱHR�;p��0(w�MWlfWf1o �, ��px��}3�p�q�'针��n�,@�k�В�C��t�/52S:�N�>y��\W(�E(��d��ϴ��lSeZl�r��7��1'�!�Kqy䔯q�^[�(� ��.]�2Y�6d�5��|�I�T�T@7��9��Ԑ��i��u��E��MU�4�a��dK�T��~�H�D8��;+�F��b��)F1��Hp�߾�o��0��԰�J�|X�� 3�OW w�� o��2�[{�h�D�ၼ��% k"x��a��;<�^�%�x� �b�u�6��5�� g�R�U��1��\f��{ǔ�U� �a��Ux<v'�F��I�Ջ�V�|.�D[=��\T ��'�G��Xe�VD��Eox�$o�+�u��l�x�G=n�^��dW��S=6�C��~��a��F��+&��Ҵ��,��v��sB�Lm��y�S�u�Y/��0��=��Ν�Jɢ��KF8��t|]�ܓdӱ=��+)a�:��F�x�>�Sa�I"�H�,��16��X��hԽ��m{����[��Ub� ��F'��b��<;=�߮\�mu!⏊]�^�;��ng�2π�_�6g[D/�3m��pنlp��RG��శ�=r9�� WI�=ȼ�_mMF�<WaW�x�.#^�KbMR��C��,�ܿ>�q��D��mڐ�E|�{�O(��M�ѰM��٬iI�{�C��Ձ3��Ƶ�1z��Ԛ�x��V ��¹�/ ��򱳪��w�Xz�_4sz��w7z#gb<#�V��e"t��X�L�ݑPedA'��?�ֳ̡HwJoCVQ�Q��B,�Gc��S^/� K��ú3Ns�=�� l�rS۰O�m�CE{��˨t��"�\�`��^n��/�n��^A�trT�lw6�%�-�Z�s�N݇Fc�{G'YuX��28Z��%��%��O��ΎfB͹w�"Eַ�P��ն��]�x xb��ɑ�/�$�t�h�� ^hQ� ��b%��1l��0-��`��pmU��5��X1{FO��D@��)��8^\Ê�"\j]�ᑆ��L�m�繥�2��p>�"�2��C�0�S �,�왖�1��04��W�0��QM��횀W0|��ڶ&��0�34�Y&~��BJ��"�0%2�X�y��1�%:��{O�E��ͽ��O0�ixvۿ�֋%f紘^��4�2��Q�f1��XEq��B`Oz��,�f��m0�6��;�__p��v��8A?|%��0��L��v��kLƙ�"*�{q<~��t��C}��n�%�Q_;�GpE�[�Ң��|��'?�J��T�j�#+;��:��De�jm@!�� y�r430��Uc+!�=� 9��p�~z:�NCm��x��4{��-4j�N��O%ЄC�`��?�+#� 0�� :��LZ��*�ؑ�U��8 ��I��>��Zm�W,�e��w} ��1��e�;��V�ȱol��j�hG ��+��Yu�Ax]�P�e[&��;1Go��#�� E��5�|T��-��>Y��$&Z�I��4ٱU��`.��ɰ�i��H�>N9��T��X^��L=�2��{��պ� ��ӈ��»��3��W9�62'�4#��.A��>��f�A��ķ�7�!:�w0]��3��۰��Eu)�{^>�¦�K��Zܓ��6e�c��T\d%��n'G�s5�F��黟^�=�8�W��."Ӈɤ|��f�NI�ۦ��}��`��œ7K��L9��+�O�Q�#�!$��>�)d0&`OvX(��`rT[�j<�LU�w<�9��=��b�M�+�Kc1NƥZ�pR�\��xʋ8�A��0��J��u��Ѻ�ܯ��0.��֫��Ja鋩��!>�&Ĺlxmk%��U��ȁ�p �$vr�3�1;�>Q��sU��}Ƙ7Rg��H6�6��(� �d.�C�H�)�2A�oH��N�Zk7��|/�/��뫅Z�U��P�߁��Lo��R`4)��Lg��0��QŶ��e9��ՑC�y̋h.�k44��,6) ��(��Ncڈ~��* �&��p�QO��Wd�}dW-ど��dS�b��e��#u:��'��7��}~��զeR��U/�!��@�h#:�!�wY+�q�Q]i�|�dNP�;G�6 �D��r��:Z��JO�c�G��GL��1��@d`7@9�pmd9��5�`$�s��_�e9��ޔ@��G��Pb��t1��U��7tU=��q#��:C�!0�1�!+�4�!\��SWɪa��S��]�Md�K-�ã0��x��o��,�/gB8KN.N�l�-\�p+��_�Y%�1C��Jҗ��5Blѹ��Y�݁}A1)v��3��RᢣjyP7O��:tO7pUI��fˇ��{*7�A�'�<��<-7�y��W�x�h��O?��M¸ʉrHf�h�fQ�S��Lqn�V��Te�bW1;�K��L��v0Ӫ��G1@�|�yI7h �|=��d�x��9�B�6�Ct�-��X׋f�Ta'S-y��*j/��6�E�q��h��ٵ�5x�/��t�zp��0Y�Y�ض�� zI�jc��m_~�D��%��40��ހ4w��u_��G��W�"��U9�k A<�_�_��[��D�l�S��$�֝ �8G~��B��p4_��zT�R��,��'f��Me��I��E��$U��ŏC@?��2�!TI�)|�.M��r=�S�JK��3� >+ڸ�>��`�L|O*V玹��J��c��M��ĕrw<n9��}N��9��>Y��IxEپ��fa��Mۃ��y�ǵ]^��a1m#-�"$�0v��<$Q1X>2Z��=q<�x��3��C6�� t�"��)�Q�|�� T�&��lXy��r�K�#�^!s�TSDh��zo{�I鷂� ܎�ш%طrv�=*��B��<��`$��x <[E��!�a�� !AI��g�,H��`�\�r��uZ�f 4��1�7c�� -hc�� c��֟ޖ#��P.AI��\��%y��,

Sections

Size: 268KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 32KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 40KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 192KB - Virtual size: 9.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/INetC.dll
.dll windows:4 windows x86 arch:x86

8ef3613e48db9e7b48e33704238cd659

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
LocalFree
lstrcpynA
DeleteFileA
CreateThread
WideCharToMultiByte
lstrcpyA
TerminateThread
LocalAlloc
MulDiv
WaitForSingleObject
GetModuleHandleA
ReadFile
lstrlenA
lstrcatA
GetTickCount
CreateFileA
GetFileSize
GetLastError
lstrcmpiA
CloseHandle
GetProcAddress
lstrcmpA
WriteFile
GlobalFree
GlobalAlloc
SleepEx
SetFilePointer

user32

RedrawWindow
GetMessageA
wsprintfA
DestroyWindow
EnableWindow
GetDlgItem
UpdateWindow
LoadIconA
SetWindowTextA
IsWindowVisible
SystemParametersInfoA
GetWindowLongA
GetParent
MessageBoxA
SetWindowLongA
DispatchMessageA
KillTimer
PostMessageA
GetWindowTextA
IsWindow
SendDlgItemMessageA
CreateDialogParamA
TranslateMessage
ShowWindow
IsDialogMessageA
GetWindowRect
SetTimer
SetDlgItemTextA
SetWindowPos
SendMessageA
GetClientRect
FindWindowExA

comctl32

ord17

wininet

InternetReadFile
InternetErrorDlg
HttpQueryInfoA
InternetQueryOptionA
InternetSetOptionA
FtpCreateDirectoryA
InternetConnectA
InternetWriteFile
InternetSetFilePointer
FtpOpenFileA
HttpEndRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetOpenA
InternetGetLastResponseInfoA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestExA
InternetCloseHandle

Exports

Exports

get
head
post
put

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

46f8b6973f33717335c0f6d8087de67b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrlenA
GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
lstrcpynA
ReadFile
PeekNamedPipe
GetTickCount
lstrcpyA
CreateProcessA
GetStartupInfoA
GetProcAddress
GetVersion
DeleteFileA
lstrcmpiA
GetCurrentProcess
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
CreatePipe
GlobalLock
lstrcatA

user32

SendMessageA
OemToCharBuffA
FindWindowExA
CharNextA
wsprintfA
CharPrevA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/SinTech/TextEdit.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

F:soKO[
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/SinTech/TextEdit.exe.config

Sharing

General

Malware Config

Signatures

Files

ThisDocument

ulwMK8UL

hCxOn1

ZP5AW

f

pXirGKdhzK

jwCWVLSqL

68f013d7437aa653a8a98a05807afeb1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 3.3MB - Virtual size: 3.3MB

b78ecf47c0a3e24a6f4af114e2d1f5de

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 149KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 3KB - Virtual size: 2KB

4ce37a90a9a2fd90fcd2a0db88d60601

Headers

File Characteristics

Imports

ws2_32

user32

shell32

msvcp60

msvcrt

setupapi

advapi32

shlwapi

kernel32

Sections

.text Size: 519KB - Virtual size: 520KB

.rdata Size: 97KB - Virtual size: 100KB

.data Size: 77KB - Virtual size: 108KB

.rsrc Size: 1KB - Virtual size: 1KB

Headers

File Characteristics

Exports

Exports

Sections

Size: 268KB - Virtual size: 536KB

Size: 32KB - Virtual size: 104KB

Size: 40KB - Virtual size: 108KB

Size: 12KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 4KB

Size: 192KB - Virtual size: 9.6MB

.data Size: 2.7MB - Virtual size: 2.7MB

8ef3613e48db9e7b48e33704238cd659

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 149KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 519KB - Virtual size: 520KB

.rdata
Size: 97KB - Virtual size: 100KB

.data
Size: 77KB - Virtual size: 108KB

.rsrc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 4KB

.data
Size: 2.7MB - Virtual size: 2.7MB

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 2KB - Virtual size: 15KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 608B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 458B

F:soKO[
Size: 32KB - Virtual size: 32KB

.text
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B