74723b8f53fca55f5e0b5755465a69d78960131ec9dd49445b8bde4354d0c94d

Sharing

Copy URL

Twitter E-mail

General

Target

74723b8f53fca55f5e0b5755465a69d78960131ec9dd49445b8bde4354d0c94d
Size

4.5MB
MD5

17caf50a89e0ca1e1e3e85cf7b14c509
SHA1

b4703fe095593e0978964c64db00cc142a0c672b
SHA256

74723b8f53fca55f5e0b5755465a69d78960131ec9dd49445b8bde4354d0c94d
SHA512

6acc0627291e232e89e5f2b8db73550e134d8cf7c217c4ab55fee1293f9c01537f9d8e13b05c0fa6e6e4143e7de35bdda754b6706ee6cf0be655be9392bd119e
SSDEEP

98304:z27lsFWcG7V95lWEw58NQM8mxozibMW+kt1bPaf1FA1kOf2fBPxO41EEqCI4:zSjvV95oEGoQM8mezibMmdatTO61EEqC

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

Processes:

resource
74723b8f53fca55f5e0b5755465a69d78960131ec9dd49445b8bde4354d0c94d
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/Notepad2.exe
unpack001/patch.exe
unpack001/setup.exe

Files

74723b8f53fca55f5e0b5755465a69d78960131ec9dd49445b8bde4354d0c94d
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 900KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

0ef725341a4aecf8398c0e2132f38049

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetCurrentProcessId
GetCommandLineW
GetProcAddress
CreateThread
GlobalFree
LoadLibraryA
OpenProcess
GlobalAlloc
CreateFileMappingW
Sleep
MapViewOfFile
GetModuleHandleW
UnmapViewOfFile
CreateEventW
SetCurrentDirectoryW
GetVersionExW
GetExitCodeProcess
lstrcatW
LocalFree
GetPrivateProfileStringW
FormatMessageW
GetPrivateProfileIntW
CreateProcessW
CloseHandle
GetLastError
DuplicateHandle
GetCurrentThreadId
lstrlenW
SetEvent
WaitForSingleObject
lstrcmpiW
GetExitCodeThread
GetModuleFileNameW

user32

SetWindowPos
GetClientRect
GetWindowThreadProcessId
SetWindowLongW
DefWindowProcW
GetDlgItem
CallWindowProcW
CallNextHookEx
GetClassNameW
PeekMessageW
DestroyWindow
SendMessageW
SetForegroundWindow
IsWindowVisible
MsgWaitForMultipleObjects
LoadStringW
EndDialog
EnableWindow
DialogBoxParamW
LoadImageW
MessageBoxW
GetWindowLongW
DispatchMessageW
ShowWindow
wsprintfW
CreateDialogParamW
GetWindowRect
IsDialogMessageW
FindWindowExW
CharNextW
CreateWindowExW
LoadIconW
PostMessageW
SetWindowsHookExW
UnhookWindowsHookEx
TranslateMessage

shell32

ShellExecuteExW

advapi32

OpenServiceW
QueryServiceStatus
CloseServiceHandle
OpenProcessToken
OpenSCManagerW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
EqualSid

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Notepad2.exe
.exe .ps1 windows:5 windows x86 arch:x86 polyglot

8d6b9d4150dcb8cf1245a4bb0429719b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
FindResourceW
SearchPathW
GetCommandLineW
GetPrivateProfileStringW
CreateProcessW
GetStartupInfoW
FindNextChangeNotification
CompareFileTime
FindClose
FindFirstFileW
FindCloseChangeNotification
FindFirstChangeNotificationW
GetTimeFormatW
GetDateFormatW
SetFileAttributesW
GetLocalTime
SetErrorMode
SetCurrentDirectoryW
GetVersion
LockResource
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
SizeofResource
FreeResource
WritePrivateProfileSectionW
GetPrivateProfileSectionW
GetLocaleInfoW
ExpandEnvironmentStringsW
GetLongPathNameW
GetWindowsDirectoryW
GetCurrentProcess
GetModuleHandleA
SetEndOfFile
WriteFile
CreateFileW
GetLastError
GetFileSize
ReadFile
lstrcmpiA
lstrcmpA
lstrcpynA
lstrcatA
lstrlenA
GetOEMCP
LocalSize
lstrcpyA
lstrcmpW
GetPrivateProfileIntW
LocalAlloc
CreateThread
CreateEventW
CloseHandle
ResetEvent
WaitForSingleObject
GetFileAttributesW
SetEvent
ExitThread
lstrcpynW
lstrcatW
lstrcmpiW
GetModuleFileNameW
lstrcpyW
GetCurrentDirectoryW
FormatMessageW
LocalFree
lstrlenW
WritePrivateProfileStringW
LCMapStringW
GetTickCount
GlobalFree
GlobalSize
GlobalUnlock
GlobalAlloc
GlobalLock
IsValidCodePage
GetCPInfo
WideCharToMultiByte
GetLocaleInfoA
GetModuleHandleW
GetVersionExW
InitializeCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
LoadLibraryA
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
IsDBCSLeadByteEx
QueryPerformanceFrequency
QueryPerformanceCounter
GetACP
MulDiv
EnterCriticalSection

user32

SetMenuDefaultItem
ShowOwnedPopups
TrackPopupMenuEx
GetSubMenu
LoadMenuW
PostQuitMessage
ChangeClipboardChain
RegisterClassW
IsDialogMessageW
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
RegisterWindowMessageW
MessageBoxW
MessageBoxIndirectW
LoadStringW
wvsprintfW
CharPrevW
IsCharAlphaNumericW
MessageBoxExW
wsprintfW
IsChild
IsWindowUnicode
SetFocus
GetMessageTime
MsgWaitForMultipleObjects
PostMessageW
GetUpdateRgn
SetCaretPos
RegisterClipboardFormatW
GetCaretBlinkTime
HideCaret
DestroyCaret
CreateCaret
IsWindow
ScreenToClient
EmptyClipboard
SystemParametersInfoW
AppendMenuA
OpenClipboard
GetClipboardData
CloseClipboard
SetClipboardData
IsClipboardFormatAvailable
GetDlgCtrlID
GetScrollInfo
SetScrollInfo
ScrollWindow
UpdateWindow
SetTimer
KillTimer
GetKeyboardLayout
CreatePopupMenu
RegisterClassExW
ReleaseCapture
InflateRect
DrawTextW
DrawTextA
DrawFocusRect
GetDC
ReleaseDC
FrameRect
DestroyCursor
GetKeyState
GetDoubleClickTime
GetSysColor
TrackPopupMenu
DestroyMenu
IntersectRect
SetClipboardViewer
GetWindowPlacement
IsZoomed
EqualRect
OffsetRect
SetWindowPlacement
GetForegroundWindow
EnumWindows
IsIconic
ShowWindowAsync
IsWindowVisible
GetClassNameW
EnableMenuItem
CheckMenuItem
CheckMenuRadioItem
CountClipboardFormats
CopyImage
SetWindowTextW
SetActiveWindow
SetForegroundWindow
DrawAnimatedRects
FindWindowExW
CreateDialogIndirectParamW
DialogBoxIndirectParamW
CharUpperBuffW
GetMenu
GetMenuState
IsWindowEnabled
SetRect
DeferWindowPos
GetMenuStringW
GetSystemMenu
InsertMenuW
ChildWindowFromPoint
GetCapture
GetActiveWindow
GetSysColorBrush
IsCharLowerA
wsprintfA
IsCharUpperW
CharLowerW
IsCharLowerW
CharUpperW
IsCharAlphaNumericA
CharLowerA
CharNextW
SetCursorPos
LoadIconW
LoadImageW
GetDlgItem
GetDlgItemInt
SetDlgItemInt
CheckRadioButton
GetPropW
PeekMessageW
TranslateMessage
DispatchMessageW
SetPropW
CheckDlgButton
RemovePropW
IsDlgButtonChecked
GetWindowTextLengthW
MessageBeep
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItemTextW
EnableWindow
EndDialog
SetDlgItemTextW
SendDlgItemMessageW
ShowCaret
UnregisterClassW
CallWindowProcW
GetParent
BeginPaint
EndPaint
DefWindowProcW
GetCursorPos
SetCapture
GetSystemMetrics
AdjustWindowRectEx
CreateWindowExW
MapWindowPoints
MonitorFromPoint
SetCursor
LoadCursorW
GetIconInfo
CreateIconIndirect
SendMessageW
InvalidateRect
ShowWindow
GetWindowLongW
SetWindowLongW
FillRect
DestroyWindow
GetFocus
GetWindowRect
SetWindowPos
GetMonitorInfoW
MonitorFromRect
ClientToScreen
GetClientRect

gdi32

RoundRect
Ellipse
BitBlt
GetTextExtentPoint32A
GetTextMetricsW
RealizePalette
IntersectClipRect
StretchBlt
GetObjectW
CreateFontIndirectW
GetStockObject
CreateFontIndirectA
CreateDIBSection
GetTextExtentPoint32W
GetTextExtentExPointA
GetDeviceCaps
SetTextColor
CreatePatternBrush
SetBkMode
TranslateCharsetInfo
CombineRgn
CreateRectRgn
CreateBitmap
EnumFontsW
SetMapMode
EndDoc
EndPage
StartPage
StartDocW
CreateFontW
DPtoLP
GetNearestColor
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
SetBkColor
ExtTextOutW
Rectangle
Polygon
LineTo
ExtTextOutA
MoveToEx
SetTextAlign
SelectObject
SelectPalette
DeleteDC
DeleteObject
GetTextExtentExPointW
CreateSolidBrush
CreatePalette

advapi32

IsTextUnicode
OpenProcessToken
GetTokenInformation

shell32

SHGetPathFromIDListW
ShellExecuteW
ShellExecuteExW
SHGetFileInfoW
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetFolderPathW
ord180
SHGetSpecialFolderPathW
SHAppBarMessage
SHCreateDirectoryExW
Shell_NotifyIconW
DragAcceptFiles
SHAddToRecentDocs
DragFinish
DragQueryFileW
SHBrowseForFolderW

shlwapi

PathUnExpandEnvStringsW
StrCmpNIW
StrCmpIW
StrTrimA
StrDupW
StrCatBuffA
StrChrA
StrCatW
StrCpyW
StrStrA
StrCmpNA
StrChrIA
StrCmpNIA
UrlUnescapeW
UrlEscapeW
StrNCatW
PathCommonPrefixW
StrStrIA
StrCpyNW
StrRetToBufW
PathMatchSpecW
StrChrW
PathUnquoteSpacesW
PathIsUNCW
PathFileExistsW
PathFindFileNameW
PathQuoteSpacesW
PathRemoveFileSpecW
SHAutoComplete
StrTrimW
StrCatBuffW
PathAppendW
PathRelativePathToW
PathIsPrefixW
PathIsRelativeW
StrChrIW
PathCanonicalizeW
PathGetDriveNumberW
PathFindExtensionW
PathIsRootW
StrStrW
PathIsDirectoryW
PathStripToRootW
PathRenameExtensionW
StrRChrW
StrFormatByteSizeW
PathCompactPathExW
StrStrIW
StrCmpW
StrDupA

comdlg32

PrintDlgW
ChooseColorW
ChooseFontW
GetSaveFileNameW
GetOpenFileNameW
PageSetupDlgW

comctl32

ImageList_AddMasked
ord8
CreateStatusWindowW
ImageList_Create
ImageList_Destroy
InitCommonControlsEx

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmGetContext
ImmSetCompositionFontA
ImmNotifyIME
ImmSetCompositionWindow

ole32

CoUninitialize
CoTaskMemFree
RegisterDragDrop
RevokeDragDrop
OleUninitialize
DoDragDrop
OleInitialize
CoTaskMemAlloc
CoCreateInstance
CoInitialize

msvcrt

strncpy
memmove
abs
strncat
clock
iscntrl
sscanf
rand
srand
_swab
swscanf
wcsftime
mktime
__CxxFrameHandler
??1type_info@@UAE@XZ
_unlock
__dllonexit
qsort
_onexit
?terminate@@YAXXZ
_ismbblead
__getmainargs
_cexit
_exit
_XcptFilter
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_controlfp
memset
isspace
toupper
memcmp
memcpy
isupper
strlen
strcpy
strncmp
strstr
strcmp
islower
sprintf
atoi
_purecall
??2@YAPAXI@Z
strchr
tolower
ispunct
isalpha
isdigit
isalnum
_lock
??3@YAXPAX@Z

msvcp60

??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

Sections

.text
Size: 464KB - Virtual size: 463KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Two.vbs
.vbs
patch.exe
.exe windows:5 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 366KB - Virtual size: 820KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sjoxfpnv
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

weqjpdov
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
setup.exe
.exe windows:6 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 389KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gsvcfcfz
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ytrllbjd
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

be41bf7b8cc010b614bd36bbca606973

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 458KB

.ndata Size: - Virtual size: 900KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 4KB - Virtual size: 3KB

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

0ef725341a4aecf8398c0e2132f38049

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

advapi32

ole32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 100B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1KB - Virtual size: 1KB

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 686B

.rdata Size: 1024B - Virtual size: 753B

.data Size: 512B - Virtual size: 48B

.reloc Size: 512B - Virtual size: 240B

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 458KB

.ndata
Size: - Virtual size: 900KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 100B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1024B - Virtual size: 686B

.rdata
Size: 1024B - Virtual size: 753B

.data
Size: 512B - Virtual size: 48B

.reloc
Size: 512B - Virtual size: 240B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 454B

.text
Size: 464KB - Virtual size: 463KB

.data
Size: 96KB - Virtual size: 127KB

.rsrc
Size: 105KB - Virtual size: 104KB

.reloc
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 9KB - Virtual size: 28KB

.idata
Size: 512B - Virtual size: 4KB

sjoxfpnv
Size: 1.7MB - Virtual size: 1.7MB

weqjpdov
Size: 512B - Virtual size: 4KB

.rsrc
Size: 10KB - Virtual size: 67KB