vCardz_i[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

vCardz_i.7z
Size

2.5MB
MD5

a82a67365e435427616cf03fc0f7a312
SHA1

0f948a960e6066905a9052f9cbb1e89bc7d2b956
SHA256

366f49884be023b398ea85ecb29a6864583eb9b69cdf3a9a12d03f7fe85ce836
SHA512

5fe429ae47949da0898ce87cddbbc36eb8f935d16af336f0b0063d74027a6d82d0ca94e4b0fc3fbdbd934e205cae5ebd2c68b21cb85b9479c80cbf4d722dc997
SSDEEP

49152:fwNWJk2H3To2Aj7xdbNg62PaOtcICgu0f+UPdCvi:f/e2HDo2IjZr2ik9Cg5W8

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/vCardz_i/libxlsxio_write.dll
unpack001/vCardz_i/libxlsxio_write64.dll
unpack001/vCardz_i/vCardz_i.exe
unpack001/vCardz_i/vCardz_i_32.exe

Files

vCardz_i.7z
.7z
vCardz_i/Cards/??/cards/AAAAAZ2.VCF
vCardz_i/Cards/??/z3.vcf
vCardz_i/Cards/??/z3_VQR.bmp
vCardz_i/Cards/A_Test_VCF/AMR_Sml_audio.vcf
vCardz_i/Cards/A_Test_VCF/Author.vcf
vCardz_i/Cards/A_Test_VCF/Base_Test2.VCF
vCardz_i/Cards/A_Test_VCF/Base_Test3.VCF
vCardz_i/Cards/A_Test_VCF/Contact - ??????? HwangMh,LeeYl.vcf
vCardz_i/Cards/A_Test_VCF/Date_TimeCheck.vcf
vCardz_i/Cards/A_Test_VCF/Funky distribution list.vcf
vCardz_i/Cards/A_Test_VCF/Internet Mail Consortium.vcf
vCardz_i/Cards/A_Test_VCF/John Doe.vcf
vCardz_i/Cards/A_Test_VCF/Kind_Role.vcf
vCardz_i/Cards/A_Test_VCF/Languages.vcf
vCardz_i/Cards/A_Test_VCF/M4A_Sml_audio.vcf
vCardz_i/Cards/A_Test_VCF/MP2_Sml_audio.VCF
vCardz_i/Cards/A_Test_VCF/MP3_Sml_audio.VCF
vCardz_i/Cards/A_Test_VCF/Multilanguage Test File.vcf
vCardz_i/Cards/A_Test_VCF/OGG_Sml_audio.VCF
vCardz_i/Cards/A_Test_VCF/WAV_Sml_audio.VCF
vCardz_i/Cards/A_Test_VCF/imc.vcf
vCardz_i/Cards/A_Test_VCF/z1.vcf
vCardz_i/Cards/A_Test_VCF/z3.vcf
vCardz_i/Cards/B_Test_XML/A_Trial_NewSave3.vcf
vCardz_i/Cards/B_Test_XML/A_Trial_NewSave3.xml
.xml
vCardz_i/Cards/B_Test_XML/A_Trial_NewSave4.xml
.xml
vCardz_i/Cards/B_Test_XML/Doe.xml
.xml
vCardz_i/Cards/B_Test_XML/Doe_Logo.xml
.xml
vCardz_i/Cards/B_Test_XML/Multi_Card.xml
.xml
vCardz_i/Cards/B_Test_XML/Multi_Extract_1.xml
.xml
vCardz_i/Cards/B_Test_XML/Multi_Extract_2.xml
.xml
vCardz_i/Cards/B_Test_XML/Perreault.xml
.xml
vCardz_i/Cards/B_Test_XML/VCF_toXML.xml
.xml
vCardz_i/Cards/B_Test_XML/relation.vcf
vCardz_i/Cards/B_Test_XML/relation.xml
.xml
vCardz_i/Cards/B_Test_XML/t.xml
.xml
vCardz_i/Cards/C_Test_APS/APowersoft_Example.xml
vCardz_i/Cards/D_Test_GDI/A_GDI_JPG_BMP.vcf
vCardz_i/Cards/D_Test_GDI/A_GDI_JPG_BMP.xml
.xml
vCardz_i/Cards/D_Test_GDI/A_GDI_PNG_GIF.vcf
vCardz_i/Cards/D_Test_GDI/A_GDI_PNG_GIF.xml
.xml
vCardz_i/Cards/D_Test_GDI/A_GDI_PNG_JPG.vcf
vCardz_i/Cards/D_Test_GDI/A_GDI_PNG_JPG.xml
.xml
vCardz_i/Cards/D_Test_GDI/A_GDI_TIF_EMF.vcf
vCardz_i/Cards/D_Test_GDI/A_GDI_TIF_EMF.xml
.xml
vCardz_i/Cards/D_Test_GDI/A_GDI_TIF_ICO.vcf
vCardz_i/Cards/D_Test_GDI/A_GDI_WMF_EMF.vcf
vCardz_i/Cards/D_Test_GDI/A_GDI_WMF_EMF.xml
.xml
vCardz_i/Cards/D_Test_GDI/MS_CardPicture.json
vCardz_i/Cards/D_Test_GDI/MS_CardPicture.vcf
vCardz_i/Cards/D_Test_GDI/MS_CardPicture.xml
.xml
vCardz_i/Cards/E_Test_JSON/Bob_Doe_Loaded.json
vCardz_i/Cards/E_Test_JSON/Forrest Gump.json
vCardz_i/Cards/E_Test_JSON/JSON_1.json
vCardz_i/Cards/E_Test_JSON/JSON_2.json
vCardz_i/Cards/E_Test_JSON/JSON_3.json
vCardz_i/Cards/E_Test_JSON/JSON_4.json
vCardz_i/Cards/E_Test_JSON/JSON_5.json
vCardz_i/Cards/E_Test_JSON/JSON_Date_Time.json
vCardz_i/Cards/E_Test_JSON/JSON_Multi.json
vCardz_i/Cards/E_Test_JSON/Multi_3_NS.json
vCardz_i/Cards/E_Test_JSON/Multi_3_S.json
vCardz_i/Cards/E_Test_JSON/Simon Perreault.json
vCardz_i/Cards/F_Test_CSV/A_BaseFile.csv
vCardz_i/Cards/F_Test_CSV/A_BaseFile.ods
.ods openoffice
vCardz_i/Cards/F_Test_CSV/A_BaseFile.vcf
vCardz_i/Cards/F_Test_CSV/A_BaseFileT.csv
vCardz_i/Cards/F_Test_CSV/A_BaseFileT.ods
.ods openoffice
vCardz_i/Cards/F_Test_CSV/A_BaseFileT_tab.txt
vCardz_i/Cards/F_Test_CSV/A_BaseFileT_tab_imp.vcf
vCardz_i/Cards/F_Test_CSV/A_BaseFileT_vbar.txt
vCardz_i/Cards/F_Test_CSV/A_BaseFileT_vbar_BOM.txt
vCardz_i/Cards/F_Test_CSV/A_BaseFileT_vbar_BOM_imp.vcf
vCardz_i/Cards/F_Test_CSV/A_BaseFileT_vbar_imp.vcf
vCardz_i/Cards/F_Test_CSV/A_BaseFile_tab.txt
vCardz_i/Cards/F_Test_CSV/A_BaseFile_tab_imp.vcf
vCardz_i/Cards/F_Test_CSV/A_TableODF_template.vcf
vCardz_i/Cards/Import_Templates/A_TableODF_template.vcf
vCardz_i/Cards/Import_Templates/A_dual_template.tpl
vCardz_i/Cards/Import_Templates/A_dual_template.vcf
vCardz_i/Cards/Import_Templates/GH_template.vcf
vCardz_i/Cards/Import_Templates/Google_template.vcf
vCardz_i/Cards/Import_Templates/Outlook365_template.vcf
vCardz_i/Cards/wikipedia_Test/vcard_2_1.vcf
vCardz_i/Cards/wikipedia_Test/vcard_3_0.vcf
vCardz_i/Cards/wikipedia_Test/vcard_4_0.vcf
vCardz_i/Cards/wikipedia_Test/vcard_4_0.xml
.xml
vCardz_i/Cards/wikipedia_Test/vcard_4_0_2.xml
.xml
vCardz_i/Cards/wikipedia_Test/vcard_5_0.xml
.xml
vCardz_i/Cards/wikipedia_Test/vcard_6_0.json
vCardz_i/Change.log
.vbs
vCardz_i/Issues.txt
vCardz_i/ReadMe.txt
vCardz_i/libxlsxio_write.dll
.dll windows:4 windows x86 arch:x86

117a7bc40a22aeeb7e90beb77910c158

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__mb_cur_max
_amsg_exit
_errno
_fdopen
_filelengthi64
_fileno
_initterm
_iob
_lock
_pipe
_strdup
_unlink
_unlock
abort
atoi
calloc
fclose
ferror
fflush
fgetpos
fopen
fputc
fread
free
fseek
fsetpos
ftell
fwrite
localtime
localeconv
malloc
memcpy
memmove
memset
setlocale
rand
realloc
srand
strchr
strerror
strlen
strncmp
time
vfprintf
wcslen

Exports

Exports

xlsxiowrite_add_cell_datetime
xlsxiowrite_add_cell_float
xlsxiowrite_add_cell_int
xlsxiowrite_add_cell_string
xlsxiowrite_add_column
xlsxiowrite_close
xlsxiowrite_get_version
xlsxiowrite_get_version_string
xlsxiowrite_next_row
xlsxiowrite_open
xlsxiowrite_set_detection_rows
xlsxiowrite_set_row_height

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 482B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vCardz_i/libxlsxio_write64.dll
.dll windows:4 windows x64 arch:x64

abd5f7f725b633dd4e48e331cb9b40cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_fdopen
_filelengthi64
_fileno
_initterm
_localtime64
_lock
_pipe
_strdup
_time64
_unlink
_unlock
abort
calloc
fclose
ferror
fflush
fgetpos
fopen
fputc
fread
free
fseek
fsetpos
ftell
fwrite
localeconv
malloc
memcpy
memmove
memset
realloc
rand
srand
strchr
strerror
strlen
strncmp
vfprintf
wcslen

Exports

Exports

xlsxiowrite_add_cell_datetime
xlsxiowrite_add_cell_float
xlsxiowrite_add_cell_int
xlsxiowrite_add_cell_string
xlsxiowrite_add_column
xlsxiowrite_close
xlsxiowrite_get_version
xlsxiowrite_get_version_string
xlsxiowrite_next_row
xlsxiowrite_open
xlsxiowrite_set_detection_rows
xlsxiowrite_set_row_height

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 482B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vCardz_i/vCardz_i.exe
.exe windows:6 windows x64 arch:x64

85dab92ca3d5565bccb870f365e9039e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
GetModuleHandleW
CreateProcessW
CloseHandle
CreateThread
Sleep
GetDateFormatEx
GetTimeFormatEx
FileTimeToSystemTime
GetLocalTime
SystemTimeToTzSpecificLocalTime
CreateFileW
GetFileTime
FormatMessageW
GetTimeFormatA
GetDateFormatA
GetPrivateProfileStringA
DeleteFileW
CopyFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
WriteFile
GetPrivateProfileIntW
GetModuleHandleA
GetFileSize
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
GlobalFree
MulDiv
GetModuleFileNameA
CreateFileA
FormatMessageA
GetModuleFileNameW
Beep
MultiByteToWideChar
SetFileTime
WideCharToMultiByte
LoadLibraryA
GetProcAddress
LoadLibraryW
GetTempPathA
FreeLibrary
FindFirstFileW
FindClose
GetFileAttributesW
FindNextFileW
CreateDirectoryW
MoveFileExW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
GetFileAttributesA
FindFirstFileA
GetDriveTypeA
GetSystemTimeAsFileTime
CreateDirectoryA
GetStartupInfoW
FileTimeToLocalFileTime
VirtualAlloc
VirtualQuery
IsDebuggerPresent
OutputDebugStringA
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
HeapValidate
ExitProcess
IsDBCSLeadByteEx
DeleteFileA
GetFullPathNameA
QueryPerformanceFrequency
QueryPerformanceCounter
GetStdHandle
GetFileType
GetCurrentProcess
DuplicateHandle
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
RtlUnwindEx
SetStdHandle
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetFilePointerEx
WriteConsoleW
WaitForSingleObject
GetExitCodeProcess
SetConsoleCtrlHandler
WriteConsoleA
GetSystemTime
GetTimeZoneInformation
SetEndOfFile

user32

DialogBoxParamW
GetDlgItem
GetDC
LoadImageW
SendMessageW
SendDlgItemMessageW
DestroyIcon
EndDialog
MessageBoxW
GetClientRect
ReleaseDC
MessageBoxA
LoadCursorA
SetCursor
PeekMessageA
CreateDialogParamW
DestroyWindow
BringWindowToTop
SetFocus
InvalidateRect
UpdateWindow
SetWindowTextW
SetWindowPos
ShowWindow
PeekMessageW
GetWindowRect
MoveWindow
DlgDirListW
DlgDirSelectExW
GetWindowTextW
SendMessageA
DialogBoxParamA
LoadImageA
GetFocus
IsDlgButtonChecked
CheckRadioButton
LoadCursorW
GetMenu
GetSubMenu
ModifyMenuW
DrawMenuBar
GetMenuStringW
CheckDlgButton
BeginPaint
EndPaint
IsIconic
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
GetWindowLongPtrA
LoadBitmapA
GetClassInfoExW
LoadMenuW
LoadIconW
RegisterClassExW
LoadAcceleratorsW
IsWindow
IsDialogMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
GetMessageW
RedrawWindow
GetClassLongPtrW
GetDlgCtrlID
GetSysColorBrush
DestroyCaret
PostQuitMessage
GetWindowLongPtrW
LoadBitmapW
CreateWindowExW
GetWindowContextHelpId
SystemParametersInfoW
ScreenToClient
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetClassLongPtrW
CreateCaret
ShowCaret
GetMenuItemID
EndMenu
GetSystemMetrics
SetMenuItemBitmaps
GetMenuInfo
SetMenuInfo
EnableWindow
SetTimer

gdi32

CreateFontW
DeleteObject
CreatePen
CreateCompatibleDC
SelectObject
MoveToEx
LineTo
CreateSolidBrush
GetObjectW
GetDeviceCaps
SetTextColor
SetBkMode
SetBkColor
CreateFontIndirectW
CreateCompatibleBitmap
PatBlt
BitBlt
StretchBlt
GetTextExtentPoint32W
StartDocW
EndPage
StartPage
TextOutW
EndDoc

gdiplus

GdipLoadImageFromFile
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectI
GdipDeleteGraphics
GdiplusStartup
GdipDisposeImage

comctl32

InitCommonControlsEx
ImageList_LoadImageW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
ChooseFontW
ChooseColorW
PrintDlgW
CommDlgExtendedError

shell32

ShellExecuteA
ShellExecuteW
DragQueryFileW
DragFinish
SHGetFileInfoW

winmm

mciSendStringW
mciGetErrorStringA

ole32

CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

OleLoadPicture

shlwapi

StrTrimW
PathMakePrettyW
AssocQueryStringW
StrTrimA

uxtheme

SetWindowTheme

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 575KB - Virtual size: 574KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vCardz_i/vCardz_i_32.exe
.exe windows:6 windows x86 arch:x86

358aba64637abc260e3230fd7b45efe1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetModuleHandleW
CreateProcessW
CloseHandle
CreateThread
Sleep
GetDateFormatEx
GetTimeFormatEx
FormatMessageW
GetTimeFormatA
GetDateFormatA
GetPrivateProfileStringA
DeleteFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateFileW
WriteFile
GetModuleHandleA
GetFileSize
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
GlobalFree
MulDiv
GetModuleFileNameA
CreateFileA
GetSystemTime
FormatMessageA
GetModuleFileNameW
GetLocalTime
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
GetProcAddress
LoadLibraryW
GetTempPathA
FreeLibrary
FindFirstFileW
FindClose
GetFileAttributesW
FindNextFileW
CreateDirectoryW
MoveFileExW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
GetFileAttributesA
FindFirstFileA
GetDriveTypeA
GetSystemTimeAsFileTime
CreateDirectoryA
GetStartupInfoW
FileTimeToLocalFileTime
FileTimeToSystemTime
VirtualAlloc
VirtualQuery
IsDebuggerPresent
OutputDebugStringA
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
HeapValidate
ExitProcess
IsDBCSLeadByteEx
DeleteFileA
GetFullPathNameA
RtlUnwind
QueryPerformanceFrequency
QueryPerformanceCounter
GetStdHandle
GetFileType
GetCurrentProcess
DuplicateHandle
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetStdHandle
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetFilePointerEx
WriteConsoleW
WaitForSingleObject
GetExitCodeProcess
SetConsoleCtrlHandler
WriteConsoleA
GetTimeZoneInformation
SetEndOfFile

user32

DialogBoxParamW
GetDlgItem
GetDC
LoadImageW
SendMessageW
SendDlgItemMessageW
DestroyIcon
EndDialog
MessageBoxW
GetClientRect
ReleaseDC
MessageBoxA
LoadCursorA
SetCursor
PeekMessageA
CreateDialogParamW
DestroyWindow
BringWindowToTop
SetFocus
InvalidateRect
UpdateWindow
SetWindowTextW
SetWindowPos
ShowWindow
PeekMessageW
GetWindowRect
MoveWindow
DlgDirListW
DlgDirSelectExW
GetWindowTextW
SendMessageA
DialogBoxParamA
LoadImageA
GetFocus
IsDlgButtonChecked
CheckRadioButton
LoadCursorW
GetMenu
GetSubMenu
ModifyMenuW
DrawMenuBar
GetMenuStringW
CheckDlgButton
BeginPaint
EndPaint
IsIconic
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
GetWindowLongA
LoadBitmapA
GetClassInfoExW
LoadMenuW
LoadIconW
RegisterClassExW
LoadAcceleratorsW
IsWindow
IsDialogMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
GetMessageW
RedrawWindow
GetClassLongW
GetDlgCtrlID
GetSysColorBrush
PostQuitMessage
GetWindowLongW
LoadBitmapW
CreateWindowExW
GetWindowContextHelpId
SystemParametersInfoW
ScreenToClient
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetClassLongW
CreateCaret
ShowCaret
GetMenuItemID
EndMenu
GetSysColor
GetSystemMetrics
SetMenuItemBitmaps
EnableWindow
SetTimer

gdi32

CreateFontW
DeleteObject
CreatePen
CreateCompatibleDC
SelectObject
MoveToEx
LineTo
Rectangle
CreateSolidBrush
GetObjectW
GetDeviceCaps
SetTextColor
SetBkMode
SetBkColor
CreateFontIndirectW
CreateCompatibleBitmap
PatBlt
BitBlt
StretchBlt
GetTextExtentPoint32W
StartDocW
EndPage
StartPage
TextOutW
EndDoc

gdiplus

GdipLoadImageFromFile
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectI
GdipDeleteGraphics
GdiplusStartup
GdipDisposeImage

comctl32

InitCommonControlsEx
ImageList_LoadImageW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
ChooseFontW
ChooseColorW
PrintDlgW
CommDlgExtendedError

shell32

ShellExecuteA
ShellExecuteW
DragQueryFileW
DragFinish
SHGetFileInfoW

winmm

mciSendStringW
mciGetErrorStringA

ole32

CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

OleLoadPicture

shlwapi

PathMakePrettyW
AssocQueryStringW
StrTrimW
StrTrimA

uxtheme

SetWindowTheme

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 465KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 531KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vCardz_i/vCardziHelp.chm
.chm

Sharing

General

Malware Config

Signatures

Files

117a7bc40a22aeeb7e90beb77910c158

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 79KB - Virtual size: 79KB

.data Size: 512B - Virtual size: 144B

.rdata Size: 22KB - Virtual size: 21KB

.eh_fram Size: 11KB - Virtual size: 10KB

.bss Size: - Virtual size: 2KB

.edata Size: 512B - Virtual size: 482B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 1KB - Virtual size: 1KB

abd5f7f725b633dd4e48e331cb9b40cf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 85KB - Virtual size: 85KB

.data Size: 512B - Virtual size: 304B

.rdata Size: 24KB - Virtual size: 24KB

.eh_fram Size: 512B - Virtual size: 4B

.pdata Size: 3KB - Virtual size: 2KB

.xdata Size: 3KB - Virtual size: 2KB

.bss Size: - Virtual size: 2KB

.edata Size: 512B - Virtual size: 482B

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 204B

85dab92ca3d5565bccb870f365e9039e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

gdiplus

comctl32

comdlg32

shell32

winmm

ole32

oleaut32

shlwapi

uxtheme

advapi32

Sections

.text Size: 575KB - Virtual size: 574KB

.pdata Size: 10KB - Virtual size: 9KB

.rdata Size: 138KB - Virtual size: 138KB

.data Size: 12KB - Virtual size: 552KB

.rsrc Size: 230KB - Virtual size: 230KB

.reloc Size: 3KB - Virtual size: 2KB

358aba64637abc260e3230fd7b45efe1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

.text
Size: 79KB - Virtual size: 79KB

.data
Size: 512B - Virtual size: 144B

.rdata
Size: 22KB - Virtual size: 21KB

.eh_fram
Size: 11KB - Virtual size: 10KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 482B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 85KB - Virtual size: 85KB

.data
Size: 512B - Virtual size: 304B

.rdata
Size: 24KB - Virtual size: 24KB

.eh_fram
Size: 512B - Virtual size: 4B

.pdata
Size: 3KB - Virtual size: 2KB

.xdata
Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 482B

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 204B

.text
Size: 575KB - Virtual size: 574KB

.pdata
Size: 10KB - Virtual size: 9KB

.rdata
Size: 138KB - Virtual size: 138KB

.data
Size: 12KB - Virtual size: 552KB

.rsrc
Size: 230KB - Virtual size: 230KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 465KB - Virtual size: 465KB

.rdata
Size: 117KB - Virtual size: 116KB

.data
Size: 8KB - Virtual size: 531KB

.rsrc
Size: 230KB - Virtual size: 229KB

.reloc
Size: 47KB - Virtual size: 47KB