84d4f9375d14c24f34b0112d0dd392d270d545cecf81764858a21e95d1d370c3_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

84d4f9375d14c24f34b0112d0dd392d270d545cecf81764858a21e95d1d370c3_NeikiAnalytics.exe
Size

2.4MB
MD5

b4c5f97802b588f4a88d5f50eef30f00
SHA1

c4c148dde525f4214dcb759dcb3ec16beba95985
SHA256

84d4f9375d14c24f34b0112d0dd392d270d545cecf81764858a21e95d1d370c3
SHA512

85145dcdd556a8635cdd3d5355edc65fc11594b7fe7648fb5b968b5ac54b790d6c06770912f850e4257aef46c5f64f475fda161a9a251e8940dda61e203465e1
SSDEEP

49152:ntovcq6Va5Hx2i8cFKaVWR3sCVxxuBjYSK5T5Qc/zLW3M:+vcq6VwxTFK0WRcC3xudYvfIM

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
84d4f9375d14c24f34b0112d0dd392d270d545cecf81764858a21e95d1d370c3_NeikiAnalytics.exe
unpack001/$TEMP/Mpeg3Plugin.dll
unpack001/$TEMP/Scratch.exe
unpack001/$TEMP/ScratchPlugin.dll
unpack001/$TEMP/UnicodePlugin.dll
unpack001/$TEMP/WeDoPlugin.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

84d4f9375d14c24f34b0112d0dd392d270d545cecf81764858a21e95d1d370c3_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

55f3dfd13c0557d3e32bcbc604441dd3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CloseHandle
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/Mpeg3Plugin.dll
.dll windows:4 windows x86 arch:x86

f592ad134d582cc1615e210236eb103b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crtdll

_iob
atol
calloc
cos
fclose
feof
fflush
fgetc
fopen
fprintf
fread
free
fscanf
fseek
ftell
memcpy
memset
pow
printf
sin
sprintf
sqrt
strcat
strcmp
strcpy
strncmp
strncpy
strrchr
tan
_stat

Exports

Exports

getModuleName
initialiseModule
primitiveMPEG3AudioChannels
primitiveMPEG3AudioSamples
primitiveMPEG3CheckSig
primitiveMPEG3Close
primitiveMPEG3DropFrames
primitiveMPEG3EndOfAudio
primitiveMPEG3EndOfVideo
primitiveMPEG3FrameRate
primitiveMPEG3GenerateToc
primitiveMPEG3GetFrame
primitiveMPEG3GetSample
primitiveMPEG3GetTime
primitiveMPEG3HasAudio
primitiveMPEG3HasVideo
primitiveMPEG3Open
primitiveMPEG3PreviousFrame
primitiveMPEG3ReReadAudio
primitiveMPEG3ReadAudio
primitiveMPEG3ReadFrame
primitiveMPEG3SampleRate
primitiveMPEG3SeekPercentage
primitiveMPEG3SetCpus
primitiveMPEG3SetFrame
primitiveMPEG3SetMmx
primitiveMPEG3SetSample
primitiveMPEG3TellPercentage
primitiveMPEG3TotalAStreams
primitiveMPEG3TotalVStreams
primitiveMPEG3VideoFrames
primitiveMPEG3VideoHeight
primitiveMPEG3VideoWidth
primitiveTestMethod
setInterpreter
shutdownModule

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Scratch.exe
.exe windows:4 windows x86 arch:x86

332e5097ea90ad694a114c2723565d8e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetUserNameA
RegCloseKey
RegOpenKeyA
RegQueryValueExA

comdlg32

GetOpenFileNameW
PrintDlgA

crtdll

__GetMainArgs
_cexit
_control87
_environ_dll
_errno
_fileno
_fmode_dll
_fpreset
_iob
_setjmp
_setmode
_tzset
acos
atan
atexit
atoi
atol
calloc
cos
ctime
exit
exp
fclose
feof
fflush
fgetc
fgetpos
floor
fopen
fread
free
freopen
frexp
fscanf
fseek
ftell
getchar
getenv
isdigit
ldexp
log
longjmp
malloc
memcpy
memmove
memset
modf
pow
realloc
remove
setvbuf
signal
sin
sprintf
sqrt
sscanf
strcat
strcmp
strcpy
strncmp
strncpy
strrchr
tan
time
vfprintf
_stat
_strdup
_strnicmp

dinput

DirectInputCreateA

gdi32

BitBlt
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreatePalette
CreateRectRgn
DeleteDC
DeleteObject
DescribePixelFormat
EndDoc
EndPage
GetDIBits
GetDeviceCaps
GetEnhMetaFileHeader
GetObjectA
GetPixelFormat
GetStockObject
PlayEnhMetaFile
RealizePalette
SelectClipRgn
SelectObject
SelectPalette
SetDIBitsToDevice
SetMapMode
SetPixelFormat
SetRectRgn
StartDocA
StartPage
StretchDIBits
SwapBuffers

kernel32

CloseHandle
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileW
CreateMutexA
CreatePipe
CreateThread
DeleteFileW
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FlushFileBuffers
FormatMessageA
FreeLibrary
GetCommState
GetCommandLineA
GetCommandLineW
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentThread
GetFileSize
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetTempFileNameA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
LoadLibraryA
LocalFree
MoveFileW
MulDiv
MultiByteToWideChar
OpenFile
PurgeComm
ReadFile
ReleaseMutex
RemoveDirectoryW
ResetEvent
ResumeThread
SetCommState
SetCommTimeouts
SetCurrentDirectoryA
SetEndOfFile
SetEvent
SetFilePointer
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
SetupComm
Sleep
TerminateThread
VirtualAlloc
VirtualFree
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
_lclose
_lwrite
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA

ole32

CoCreateGuid
CoCreateInstance
CoInitialize
CoUninitialize
OleInitialize
OleUninitialize
RegisterDragDrop
RevokeDragDrop

opengl32

glBegin
glBindTexture
glBlendFunc
glClear
glClearColor
glClearDepth
glColor4d
glColorMaterial
glColorPointer
glDeleteTextures
glDepthFunc
glDepthMask
glDisable
glDisableClientState
glDrawArrays
glDrawElements
glEnable
glEnableClientState
glEnd
glFinish
glFlush
glFogf
glFogfv
glFogi
glFrontFace
glGenTextures
glGetError
glGetIntegerv
glGetString
glHint
glIsEnabled
glIsTexture
glLightModelfv
glLightModeli
glLightf
glLightfv
glLineWidth
glLoadIdentity
glLoadMatrixf
glMaterialf
glMaterialfv
glMatrixMode
glNormalPointer
glPointSize
glPolygonMode
glPopAttrib
glPopMatrix
glPushAttrib
glPushMatrix
glScaled
glShadeModel
glTexCoord2d
glTexCoordPointer
glTexEnvi
glTexImage2D
glTexParameteri
glTexSubImage2D
glTranslated
glVertex2i
glVertexPointer
glViewport
wglCreateContext
wglDeleteContext
wglMakeCurrent

shell32

DragFinish
DragQueryFileA
DragQueryFileW

user32

AdjustWindowRect
AppendMenuA
BeginPaint
BringWindowToTop
CheckMenuItem
CloseClipboard
CreateCursor
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DefWindowProcW
DestroyCursor
DestroyWindow
DispatchMessageA
EmptyClipboard
EndPaint
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetFocus
GetKeyState
GetMessageA
GetParent
GetSystemMenu
GetSystemMetrics
GetUpdateRect
GetUpdateRgn
GetWindowLongA
GetWindowRect
InvalidateRect
IsClipboardFormatAvailable
IsIconic
IsRectEmpty
IsWindow
IsWindowVisible
LoadIconA
LoadImageA
MapWindowPoints
MessageBeep
MessageBoxA
MoveWindow
MsgWaitForMultipleObjects
OpenClipboard
PeekMessageA
PostMessageA
RegisterClassA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageA
SetActiveWindow
SetCapture
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetWindowLongA
SetWindowLongW
SetWindowPos
SetWindowTextA
SetWindowTextW
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMessage
UpdateWindow
wsprintfA
wvsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

joyGetDevCapsA
joyGetNumDevs
joyGetPos
joyGetPosEx
midiInClose
midiInGetDevCapsA
midiInGetErrorTextA
midiInGetNumDevs
midiInOpen
midiInReset
midiInStart
midiInStop
midiOutClose
midiOutGetDevCapsA
midiOutGetErrorTextA
midiOutGetNumDevs
midiOutLongMsg
midiOutOpen
midiOutPrepareHeader
midiOutReset
midiOutShortMsg
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime
timeKillEvent
timeSetEvent
waveInAddBuffer
waveInClose
waveInGetDevCapsA
waveInGetErrorTextA
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveOutClose
waveOutGetDevCapsA
waveOutGetErrorTextA
waveOutGetNumDevs
waveOutGetVolume
waveOutOpen
waveOutPrepareHeader
waveOutReset
waveOutSetVolume
waveOutWrite

wsock32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
gethostname
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Exports

Exports

moduleUnloaded
primitiveByteArrayDoubleAt
primitiveByteArrayDoubleAtPut
primitiveByteArrayFloatAt
primitiveByteArrayFloatAtPut
primitiveByteArrayNByteIIntegerAtPut
primitiveByteArrayNByteIntegerAt
primitiveChangeClassWithClass
primitiveDisablePowerManager
primitiveForceTenure
primitiveIsRoot
primitiveIsYoung
primitivePluginBrowserReady
primitivePluginDestroyRequest
primitivePluginPostURL
primitivePluginRequestFileHandle
primitivePluginRequestState
primitivePluginRequestURL
primitivePluginRequestURLStream
primitiveRootTable
primitiveRootTableAt
primitiveScreenDepth
primitiveSetGCBiasToGrow
primitiveSetGCBiasToGrowGCLimit
primitiveSetGCSemaphore

Sections

.text
Size: 876KB - Virtual size: 876KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 214KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/ScratchPlugin.dll
.dll windows:4 windows x86 arch:x86

7c2de640ff0d966aa935d35d5880227c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
GetLongPathNameA
GetFileAttributesW
CloseHandle
PurgeComm
ReadFile
WriteFile
EscapeCommFunction
SetCommState
GetCommState
GetCommModemStatus
SetCommTimeouts
SetupComm
CreateFileA
FlushFileBuffers
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
InterlockedDecrement
InterlockedIncrement
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
LoadLibraryA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
RaiseException
SetStdHandle
RtlUnwind

user32

GetActiveWindow
SetWindowTextW
wsprintfA

shell32

ShellExecuteW
SHGetSpecialFolderPathW

Exports

Exports

primClose
primGetOption
primIsPortOpen
primOpenPortNamed
primPortCount
primPortName
primRead
primSetOption
primWrite
primitiveBlur
primitiveBrightnessShift
primitiveCondenseSound
primitiveDoubleSize
primitiveExtractChannel
primitiveFisheye
primitiveGetFolderPath
primitiveHalfSizeAverage
primitiveHalfSizeDiagonal
primitiveHueShift
primitiveInterpolate
primitiveIsHidden
primitiveOpenURL
primitiveSaturationShift
primitiveScale
primitiveSetUnicodePasteBuffer
primitiveSetWindowTitle
primitiveShortToLongPath
primitiveWaterRipples1
primitiveWhirl
setInterpreter

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/UnicodePlugin.dll
.dll windows:4 windows x86 arch:x86

b5f8f5b0cc7b6de92e3bbdc873d220e7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
GetProcAddress
MultiByteToWideChar
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
RtlUnwind

user32

CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SetClipboardData
EmptyClipboard

gdi32

CreateDIBSection
SetBkColor
SetTextColor
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
CreateFontW
EnumFontFamiliesExW

usp10

ScriptString_pSize
ScriptStringAnalyse
ScriptStringOut
ScriptStringCPtoX
ScriptStringFree

Exports

Exports

primitiveClipboardGet
primitiveClipboardPut
primitiveClipboardSize
primitiveDrawString
primitiveGetFontList
primitiveGetXRanges
primitiveMeasureString
primitiveSetColors
primitiveSetFont
setInterpreter

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 978KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/WeDoPlugin.dll
.dll windows:4 windows x86 arch:x86

2fa21de5644b8867308ffb85823845d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeW
CreateFileA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WriteFile
ReadFile
GetStringTypeA
CloseHandle
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
RtlUnwind

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

hid

HidD_GetAttributes
HidD_FlushQueue
HidD_GetHidGuid

Exports

Exports

primClosePort
primOpenPort
primRead
primWrite
setInterpreter

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/license.txt
$TEMP/runtime.image

Sharing

General

Malware Config

Signatures

Files

55f3dfd13c0557d3e32bcbc604441dd3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 3KB

f592ad134d582cc1615e210236eb103b

Headers

File Characteristics

Imports

crtdll

Exports

Exports

Sections

.text Size: 192KB - Virtual size: 192KB

.data Size: 35KB - Virtual size: 35KB

.bss Size: - Virtual size: 67KB

.edata Size: 2KB - Virtual size: 2KB

.idata Size: 1024B - Virtual size: 776B

.reloc Size: 6KB - Virtual size: 6KB

332e5097ea90ad694a114c2723565d8e

Headers

File Characteristics

Imports

advapi32

comdlg32

crtdll

dinput

gdi32

kernel32

ole32

opengl32

shell32

user32

version

winmm

wsock32

Exports

Exports

Sections

.text Size: 876KB - Virtual size: 876KB

.data Size: 69KB - Virtual size: 68KB

.bss Size: - Virtual size: 214KB

.edata Size: 1024B - Virtual size: 968B

.idata Size: 12KB - Virtual size: 12KB

.rsrc Size: 61KB - Virtual size: 64KB

7c2de640ff0d966aa935d35d5880227c

Headers

File Characteristics

Imports

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 20KB

.reloc Size: 8KB - Virtual size: 4KB

b5f8f5b0cc7b6de92e3bbdc873d220e7

Headers

File Characteristics

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 192KB - Virtual size: 192KB

.data
Size: 35KB - Virtual size: 35KB

.bss
Size: - Virtual size: 67KB

.edata
Size: 2KB - Virtual size: 2KB

.idata
Size: 1024B - Virtual size: 776B

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 876KB - Virtual size: 876KB

.data
Size: 69KB - Virtual size: 68KB

.bss
Size: - Virtual size: 214KB

.edata
Size: 1024B - Virtual size: 968B

.idata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 61KB - Virtual size: 64KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 20KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 978KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB