a785881a9cadb30202026191d72c14636053f85f285027d48b80824240c20025

Sharing

Copy URL

Twitter E-mail

General

Target

a785881a9cadb30202026191d72c14636053f85f285027d48b80824240c20025
Size

5.2MB
MD5

e8beda64d3d1bbb8771fb57089f920ab
SHA1

a7a53263fa8ad8b70c012eda30cea212bec90a1e
SHA256

a785881a9cadb30202026191d72c14636053f85f285027d48b80824240c20025
SHA512

7165cbbf6d05dba8f854cb0644c67057cfb4a903603bcba63f861c5878969944e1e2695c405cdd9c7418e87da242861a27cdeec3b1d6a11e02f120bdb752af52
SSDEEP

98304:7Ar7b9kMLJFH6tfRTd7GYYie7zqgWh+zUstv/Je51labI/67fkXe:7Ar7b9vaDRGYY/zu8zPReBa8Cku

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
a785881a9cadb30202026191d72c14636053f85f285027d48b80824240c20025
unpack001/$PLUGINSDIR/HFEOcvgSYMg.dll
unpack001/$PLUGINSDIR/ZjROYGvOsLF.dll
unpack001/$PLUGINSDIR/egfFekpNhqD.dll

Files

a785881a9cadb30202026191d72c14636053f85f285027d48b80824240c20025
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 16.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/HFEOcvgSYMg.dll
.dll windows:5 windows x86 arch:x86

fc93ea6779fd630be855068ac4d7aa8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
SetStdHandle
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
GetConsoleCP
GetACP
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
SetLastError
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryW
GetFileSize
GetProcAddress
LeaveCriticalSection
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
CloseHandle
lstrcpyW
WideCharToMultiByte
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetStdHandle
lstrcpynW
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
VirtualAlloc
GetFileType
HeapFree
CreateFileW

user32

wsprintfW

winspool.drv

DeviceCapabilitiesW
AddPrintProvidorA
PrinterMessageBoxW
AddPrintProcessorA
ClosePrinter
AddMonitorW
DeletePrinterConnectionA
EnumPrinterDataW
PrinterProperties
EnumMonitorsW
EnumJobsW
SetJobW
SetPortA
GetFormW

shell32

SHGetSpecialFolderPathA
ShellExecuteA
SHGetMalloc
SHGetDesktopFolder
FindExecutableW
SHGetFileInfoW
ExtractIconW
Shell_NotifyIconW

oleaut32

LoadRegTypeLi
VariantInit
VarCyFromBool
VarBstrFromUI4
VarI2FromUI4

advapi32

RegOpenKeyW
GetSidSubAuthority
IsTextUnicode
IsValidAcl

mprapi

MprAdminUserWrite
MprAdminPortEnum
MprAdminServerGetInfo
MprConfigInterfaceTransportEnum
MprConfigTransportCreate
MprConfigTransportGetInfo
MprConfigInterfaceTransportGetInfo
MprAdminInterfaceUpdatePhonebookInfo
MprAdminServerConnect
MprConfigInterfaceCreate
MprAdminInterfaceTransportRemove

psapi

GetModuleFileNameExA
InitializeProcessForWsWatch
GetProcessMemoryInfo
GetModuleBaseNameW
GetPerformanceInfo
EnumProcessModules
GetProcessImageFileNameW
EnumPageFilesW
GetModuleBaseNameA
GetModuleInformation
EnumProcesses
EmptyWorkingSet
GetDeviceDriverBaseNameA
GetModuleFileNameExW

powrprof

IsPwrSuspendAllowed
IsPwrHibernateAllowed
ReadProcessorPwrScheme
CanUserWritePwrScheme
WritePwrScheme
CallNtPowerInformation
IsPwrShutdownAllowed
DeletePwrScheme
GetActivePwrScheme

crypt32

CryptVerifyCertificateSignature
CryptMsgSignCTL
CryptImportPKCS8
CryptSignAndEncodeCertificate
CertRegisterSystemStore
CertFindSubjectInCTL
CertEnumCRLContextProperties
CryptFindOIDInfo
CryptVerifyDetachedMessageHash
CryptEncryptMessage
CryptExportPublicKeyInfo
CryptSIPVerifyIndirectData
CryptAcquireCertificatePrivateKey
CertDeleteCertificateFromStore
CertCreateCertificateChainEngine

rtutils

TraceRegisterExW
TraceDeregisterA
RouterGetErrorStringA
TraceVprintfExA
RouterLogEventDataA
TraceDeregisterExW
RouterLogEventStringW
RouterLogRegisterW
RouterLogDeregisterW
LogEventA
TraceRegisterExA
TracePutsExW
MprSetupProtocolFree

pdh

PdhGetLogSetGUID
PdhEnumObjectItemsA
PdhGetDataSourceTimeRangeH
PdhLookupPerfNameByIndexW
PdhCloseLog
PdhEnumObjectsA
PdhCreateSQLTablesA

uxtheme

GetThemeTextMetrics
GetThemeSysColorBrush
GetThemeBackgroundExtent
SetThemeAppProperties
GetThemePosition

secur32

GetUserNameExW
QueryCredentialsAttributesA
ExportSecurityContext
LsaConnectUntrusted
LsaGetLogonSessionData
LsaRegisterLogonProcess
QuerySecurityContextToken
DeleteSecurityPackageA
SealMessage
LsaFreeReturnBuffer
LsaLookupAuthenticationPackage
GetUserNameExA
InitSecurityInterfaceA
AcceptSecurityContext
TranslateNameA

p2p

PeerIdentitySetFriendlyName
PeerGroupDelete
PeerGroupSendData
PeerGroupEnumMembers
PeerPnrpResolve
PeerGroupIssueCredentials
PeerGroupGetRecord
PeerPnrpShutdown

resutils

ResUtilSetPrivatePropertyList
ResUtilFreeParameterBlock
ResUtilFindSzProperty
ResUtilGetSzProperty
ResUtilPropertyListFromParameterBlock

comctl32

ImageList_SetFilter
_TrackMouseEvent
FlatSB_GetScrollRange
ImageList_SetIconSize
FlatSB_ShowScrollBar
ImageList_BeginDrag

Exports

Exports

BlTKKhyT
DGMoTChJqIMe
FjumtodurMQyOhvAoNEo
IkXysYhJsElWrIGf
KEJJBlwgrZYTx
LNqyWOPmOB
MjSpEdAthM
MyivYwaMeNBlpD
NGgnHfpjttCqhQYxuN
NaEMJuuKwBReMdEJWqM
OImKuhgFX
QIXskYMPNJHIng
SRlpHXnafp
VFuRnIvIhejt
ZyTVMOwbaU
bwPJzhskhAzB
eDXgUDvpjDqthcfNe
eoTVbufZkOCGgtckOk
fdzhTRuHOl
gbIZBUfHJzAKnQBB
glUNAKC
hQbSUOIXFHcBqIiaDqS
hVlZZNpHFFllNkRr
jLHDwURJZPNxM
nEagPaD
nqyotsyeNGQF
pADOQcmmVtBz
raeXZNzoxTrUHWjxR
sKRfK
sMeJihbB
tZMlvzxOuvc
zzuPyyuHVvKaHrbLZ

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ZjROYGvOsLF.dll
.dll windows:5 windows x86 arch:x86

1fab96bc1ed57f90c649fd57c924b650

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetWaitableTimer
TlsFree
RtlUnwind
WriteConsoleW
CreateThread
ExitThread
FreeLibraryAndExitThread
ExitProcess
GetACP
WriteFile
WaitForSingleObjectEx
InterlockedFlushSList
EncodePointer
GetFileType
GetModuleFileNameA
GetModuleFileNameW
TlsSetValue
GetModuleHandleExW
TlsGetValue
GetDateFormatW
SystemTimeToFileTime
GetSystemInfo
ResumeThread
FoldStringW
SetEvent
Sleep
ReleaseSemaphore
WaitForMultipleObjects
WaitForSingleObject
FormatMessageA
LocalFree
CreateEventA
GetSystemDefaultLCID
GetCommandLineA
OpenProcess
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExA
FindNextFileA
GetOEMCP
GetCPInfo
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcAddress
FreeLibrary
lstrcmpW
GetTickCount
GetModuleHandleW
GetPriorityClass
FindResourceW
FindResourceExW
CloseHandle
LockResource
GetModuleHandleA
GetCompressedFileSizeW
GetSystemTimeAdjustment
SizeofResource
LoadLibraryExW
IsBadReadPtr
IsValidLocale
GlobalMemoryStatusEx
FindAtomA
LoadLibraryW
GetNativeSystemInfo
QueryPerformanceFrequency
LoadLibraryA
GetMailslotInfo
GetFileAttributesA
CreateEventW
IsValidCodePage
DuplicateHandle
GetComputerNameExW
GetCurrentThreadId
FindResourceA
CreateMutexW
CreateWaitableTimerW
GetStdHandle
SetLastError
VirtualProtect
GetBinaryTypeW
FindFirstFileExW
GetFileAttributesExA
GetThreadPriorityBoost
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
CreateFileW
WideCharToMultiByte
GlobalFree
lstrcpynW
CreateSemaphoreA
TlsAlloc
GetConsoleAliasExesLengthW
OpenEventA
GetConsoleAliasW
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
GetFileAttributesExW
CreateNamedPipeW
GetNumberOfConsoleMouseButtons
GetSystemTimeAsFileTime
GetThreadTimes
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
LoadResource
RaiseException
HeapFree
HeapReAlloc
GetLastError
MultiByteToWideChar
HeapSize
PrepareTape
InitializeCriticalSectionAndSpinCount
ResetEvent
GetTimeZoneInformation

user32

CreateMDIWindowW
CopyRect
ChangeMenuW
AppendMenuA
AdjustWindowRectEx
CreatePopupMenu
CharNextW
CharToOemBuffA
CallMsgFilterW
BroadcastSystemMessageExW
DeferWindowPos
DefWindowProcW
BroadcastSystemMessageExA
DlgDirListW
CheckRadioButton
CharPrevA
CreateWindowStationA
CreateIconIndirect

oleaut32

SysAllocStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysAllocString

Exports

Exports

AskZzczWXwquKm
DxYQnxNKkIyxPPaNW
FeGlaDqdtCGTvfv
FxGcEDDVGUwlxAYENYvI
ISdKrvGuWTu
IbjzRSQ
IlPZjQVwPREkdk
JwQAepeW
LBBpdWTAKwbM
LbpYGCBvWkQZ
LhEIRqfkJpnjEfz
MWglXbN
MzzUBCWgjTC
NvPIeIebDQbcDH
OgpcwUywoGFZAszHWtDG
PSqJKBv
QGfoTmPnCcCmCTalUZh
QyxpSeAkgiyAc
RuLAU
SaCYQJtSqmMnik
TgHbWOEEa
VwJPfQ
WGfjhjoxxbO
WuPivdeqxxRglsxCf
XQXcBCwhpHjSWjweVqEU
XhHdHxNATm
XkATW
YXyehvEPbXVtql
YhqpUMIktKwmUBoXYDLu
caaYL
cwXJyxcwbLevboh
fJsnmh
gkjTIvMGVEKDIRo
hfkRGgOrmvHTmvprpleJ
jrhFAcBfMcbPZbShQCQd
kRxMuNGESQsk
kYYeaMjgddIxj
nMVyjKHKJClbbSJ
oQBQpsskmQSiOi
qpmLvtkYLGc
rINCx
rZMPKMAeTjLDAwXtNW
sFvUsRtzwLY
slXlUKkZxIYKCw
tyDBdhAeQTmOFnBUpW
xdjxVOYjLiVUdNVVZ
yppQCwOlzDUgkdO
ywRkUYLyXBvZhodU
zQbvilCcCEfyQ
zZrIodV

Sections

.text
Size: 521KB - Virtual size: 520KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/egfFekpNhqD.dll
.dll windows:5 windows x86 arch:x86

213c8226f43856f5db2c0402c1f813b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynW
WideCharToMultiByte
GlobalAlloc
VirtualAlloc
MultiByteToWideChar
GlobalFree
WriteConsoleW
SetEnvironmentVariableA
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetLastError
SetLastError
SetConsoleCtrlHandler
GetConsoleMode
GetStdHandle
GetFileType
GetCPInfo
IsDBCSLeadByte
CompareStringW
ExpandEnvironmentStringsW
FindClose
SetFileAttributesW
FreeLibrary
SetEndOfFile
SetFileTime
FlushFileBuffers
GetCurrentProcess
CreateDirectoryW
CreateFileW
RemoveDirectoryW
DeviceIoControl
CloseHandle
DeleteFileW
GetLongPathNameW
MoveFileW
GetShortPathNameW
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
LoadLibraryW
GetProcAddress
HeapFree
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteFile
GetModuleFileNameW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetStringTypeW
SetStdHandle
OutputDebugStringW
LCMapStringW
GetConsoleCP
SetFilePointerEx
InitializeCriticalSectionAndSpinCount

user32

OemToCharA
CharLowerW
CharUpperW
OemToCharBuffA
wsprintfW
CharToOemBuffW

oleaut32

SysFreeString
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen

advapi32

LookupPrivilegeValueW
SetFileSecurityW
AdjustTokenPrivileges
OpenProcessToken

Exports

Exports

CjBAJhORnh
DtvqUd
DwGUQmHuQbfULeFoPHd
FBcHe
FRZnRjZOBfnU
GvPreWnjMwDBulXYA
MvyGJy
QCinnf
QmCiZrM
TjLEKB
WgHqwAQIT
bWgcBdm
cbN
errOcHKtwep
iVtIKshFAiUzIlUiKYaM
oSXYzZJP
qyaVd
wZTyjUhiSLiIOEgE

Sections

.text
Size: 484KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/hXdD.mp3

Sharing

General

Malware Config

Signatures

Files

bf95d1fc1d10de18b32654b123ad5e1f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 1.0MB

.rsrc Size: 104KB - Virtual size: 16.4MB

fc93ea6779fd630be855068ac4d7aa8b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winspool.drv

shell32

oleaut32

advapi32

mprapi

psapi

powrprof

crypt32

rtutils

pdh

uxtheme

secur32

p2p

resutils

comctl32

Exports

Exports

Sections

.text Size: 133KB - Virtual size: 133KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 272B

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 8KB - Virtual size: 8KB

1fab96bc1ed57f90c649fd57c924b650

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 521KB - Virtual size: 520KB

.rdata Size: 140KB - Virtual size: 140KB

.data Size: 9KB - Virtual size: 12KB

.rsrc Size: 409KB - Virtual size: 408KB

.reloc Size: 30KB - Virtual size: 29KB

213c8226f43856f5db2c0402c1f813b6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

advapi32

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 1.0MB

.rsrc
Size: 104KB - Virtual size: 16.4MB

.text
Size: 133KB - Virtual size: 133KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 272B

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 521KB - Virtual size: 520KB

.rdata
Size: 140KB - Virtual size: 140KB

.data
Size: 9KB - Virtual size: 12KB

.rsrc
Size: 409KB - Virtual size: 408KB

.reloc
Size: 30KB - Virtual size: 29KB

.text
Size: 484KB - Virtual size: 484KB

.rdata
Size: 109KB - Virtual size: 109KB

.data
Size: 7KB - Virtual size: 41KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 231KB - Virtual size: 230KB