PDB path: y:\NANKING_5.1\CMPC\RunImage\win32\release\TeacherMain.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2455f1d00bcc88dffb9855497e51fce5ebfa179fa699bf2aa3a15830138bfc33_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
2455f1d00bcc88dffb9855497e51fce5ebfa179fa699bf2aa3a15830138bfc33_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
2455f1d00bcc88dffb9855497e51fce5ebfa179fa699bf2aa3a15830138bfc33_NeikiAnalytics.exe
-
Size
3.4MB
-
MD5
91765e9039508730b030e6e7703559f0
-
SHA1
3d99080447582175e70b9e4d5b28f675789e89ff
-
SHA256
2455f1d00bcc88dffb9855497e51fce5ebfa179fa699bf2aa3a15830138bfc33
-
SHA512
0227ad0266247655d86b098f9225cbb5aafabfd653803eb4f94d37e83f730752a17460e7b4380585446396010cae97eaa95ee85238e972a8ef6844ad1f4ac830
-
SSDEEP
24576:9v3MuKv+6ZWYJS4ZOOUN7yY+QLQigqy64VyCWLoQpRs/kGIIIIILIIIIII99Gbh4:9vPKvhOOOQi7B4JWLoiRs/kTX
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature: the sample is not signed, so its publisher and integrity cannot be verified from a signature.
resource 2455f1d00bcc88dffb9855497e51fce5ebfa179fa699bf2aa3a15830138bfc33_NeikiAnalytics.exe
Files
-
2455f1d00bcc88dffb9855497e51fce5ebfa179fa699bf2aa3a15830138bfc33_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
388c4b20c579935561522b71bc23a04f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
libtdmaster
HookLocalInputToRemoteHost
RegisterCtrlHotKey
InitHook
UnHookLocalInput
DoneHook
SetMonitorWindowPos
exchange20
eXchangeCreateInstance
libminimedia10
CreateUMSPChannelClient
CreateMiniMediaServer
libnet30
??1CNetworkEvent@@UAE@XZ
?GetIpAddress@CIpAddress@@QBEKXZ
?Receive@CUDPSocket@@QAEHPBXKAAKAAVCIpAddress@@@Z
?Reset@CNetworkEvent@@QAEHXZ
??0CIpAddress@@QAE@XZ
?GetHandle@CNetworkEvent@@QBEQAXXZ
?Select@CNetworkEvent@@QAEHIJ@Z
?GetHandle@CUDPSocket@@QBE?BIXZ
?Create@CNetworkEvent@@QAEHXZ
??0CNetworkEvent@@QAE@XZ
??1CUDPSocket@@UAE@XZ
??0CUDPSocket@@QAE@XZ
?GetLocalIPAddr@CSocketUtils@@SAKH@Z
?GetNumLocalIPAddrs@CSocketUtils@@SAHXZ
?RefreshLocalInterfaceInfo@CSocketUtils@@SAHXZ
?GetBroadcastIPAddr@CSocketUtils@@SAKK@Z
?Uninitialize@CSocketUtils@@SAXXZ
??0CIpAddress@@QAE@PBDG@Z
?Initialize@CSocketUtils@@SAHXZ
??1CIpAddress@@UAE@XZ
?Send@CUDPSocket@@QAEHPBXKAAKABVCIpAddress@@@Z
??0CIpAddress@@QAE@KG@Z
?Destroy@CUDPSocket@@QAEHXZ
?StringToIPAddr@CSocketUtils@@SAKPB_W@Z
?SetRecvBufferSize@CUDPSocket@@QAEHH@Z
?SetTTL@CUDPSocket@@QAEHH@Z
?SetLoopback@CUDPSocket@@QAEHH@Z
?SetSendBufferSize@CUDPSocket@@QAEHH@Z
?EnableBroadcast@CUDPSocket@@QAEHXZ
?IsBroadcastAddress@CIpAddress@@QBEHXZ
?JoinMulticastGroup@CUDPSocket@@QAEHABVCIpAddress@@0@Z
?IsMulticastAddress@CIpAddress@@QBEHXZ
?Create@CUDPSocket@@QAEHABVCIpAddress@@@Z
librtp20
?Create@CRTPRMInput@@QAEHPB_W0GMMG@Z
?Destroy@CRTPRMInput@@QAEXXZ
?Destroy@CRTPRMOutput@@QAEXXZ
??0CRTPRMInput@@QAE@XZ
??0CRTPRMOutput@@QAE@XZ
??0CRTPConnector@@QAE@XZ
??1CRTPRMInput@@UAE@XZ
??1CRTPRMOutput@@UAE@XZ
??1CRTPConnector@@UAE@XZ
?XferRTPPacket@CRTPOutputPin@@QAEXPBXK@Z
??0CRTPOutputPin@@QAE@PAUIRTPInput@@@Z
??1CRTPInputPin@@UAE@XZ
??0CRTPInputPin@@QAE@PAUIRTPOutput@@@Z
??1CRTPOutputPin@@UAE@XZ
?Create@CRTPRMOutput@@QAEHPB_W0GMMMG@Z
libjpeg20
EncodeToJPEGBuffer
DecodeFromJPEGBuffer
libimg20
InitImgUtils
GetRGB2RGBConvertTable
ws2_32
sendto
WSAWaitForMultipleEvents
inet_ntoa
inet_addr
select
htonl
recv
setsockopt
socket
ntohl
bind
htons
__WSAFDIsSet
closesocket
send
gethostbyname
connect
ioctlsocket
WSAGetLastError
winmm
waveOutGetNumDevs
sndPlaySoundW
waveInGetNumDevs
msacm32
acmMetrics
acmFormatChooseW
powrprof
CallNtPowerInformation
libtdajust
TDAjustCreateInstance
libtdfigo
TDFigoCreateInstance
libtddesk2
TDDeskCreateInstance
libtdviper
TDViperCreateInstance
libelcmanager
TDManagerCreateInstance
libcomlayer
?CreateCommunicationLayer@@YAPAVICommunicationLayer@@PAVIEventItemManager@@@Z
?CreateEventManager@@YAPAVIEventItemManager@@K@Z
?Release@CTransactionHandler@@QAEJXZ
libbasetrans
?NotifyMemberNameChanged@CNameTransaction@@QAEXUtagCLIENTID@@PA_W@Z
?SetClientName@CNameTransaction@@QAEXUtagCLIENTID@@PA_W@Z
?NotifyMemberNameConflicted@CNameTransaction@@QAEXUtagCLIENTID@@PA_W@Z
?StartAllStudents@CThumbnailTransaction@@QAEXXZ
?SetClientLogout@CNameTransaction@@QAEXUtagCLIENTID@@@Z
?DelStudent@CThumbnailTransaction@@QAEHK@Z
?StopStudent@CThumbnailTransaction@@QAEHK@Z
?StopAllStudents@CThumbnailTransaction@@QAEXXZ
?StartStudent@CThumbnailTransaction@@QAEHK@Z
?SetStudentPolicy@CThumbnailTransaction@@QAEHKPAUtagTNAIL_POLICY@@@Z
?AddStudent@CThumbnailTransaction@@QAEHK@Z
?AcceptSubmitting@CSubmitFileTransaction@@QAEXU_GUID@@@Z
?DenySubmitting@CSubmitFileTransaction@@QAEXU_GUID@@@Z
?StartSendCommand@CCommandTransaction@@QAEXKPAKHPAEK@Z
?Shutdown@CTeacherExitTransacation@@QAEXXZ
?OnTimeout@CCommandTransaction@@UAEXK@Z
?OnSendComplete@CCommandTransaction@@UAEXPAXK@Z
?OnReceiveComplete@CCommandTransaction@@UAEXPAXK@Z
??1CCommandTransaction@@UAE@XZ
?EnableSubmit@CSubmitFileTransaction@@QAEXH@Z
?SetLocked@CFindTeacherTransaction@@QAEXH@Z
?SendRejectConnectToStudent@CFindTeacherTransaction@@QAEXKHK@Z
?SetSubmitQuota@CSubmitFileTransaction@@QAEX_JK@Z
??0CSubmitFileTransaction@@QAE@PAVICommunicationLayer@@PAU_GUID@@@Z
?OnTimeout@CSubmitFileTransaction@@UAEXK@Z
?OnSendComplete@CSubmitFileTransaction@@UAEXPAXK@Z
?OnReceiveComplete@CSubmitFileTransaction@@UAEXPAXK@Z
??1CSubmitFileTransaction@@UAE@XZ
??0CThumbnailTransaction@@QAE@PAVICommunicationLayer@@PAU_GUID@@@Z
?OnTimeout@CThumbnailTransaction@@UAEXK@Z
?Startup@CTeacherExitTransacation@@QAEHKPAUtagCLIENTID@@HK@Z
??0CTeacherExitTransacation@@QAE@PAVICommunicationLayer@@PAU_GUID@@@Z
?OnTimeout@CTeacherExitTransacation@@UAEXK@Z
?OnSendComplete@CTeacherExitTransacation@@UAEXPAXK@Z
?OnReceiveComplete@CTeacherExitTransacation@@UAEXPAXK@Z
??0CCommandTransaction@@QAE@PAVICommunicationLayer@@PAU_GUID@@@Z
?ResetUnconnectedMembers@CFindTeacherTransaction@@QAEXPAUtagCLIENTID@@H@Z
?SetClientLogin@CNameTransaction@@QAEXUtagCLIENTID@@K@Z
?RemoveClient@CNameTransaction@@QAEXUtagCLIENTID@@@Z
??1CNameTransaction@@UAE@XZ
?OnReceiveComplete@CNameTransaction@@UAEXPAXK@Z
?OnSendComplete@CNameTransaction@@UAEXPAXK@Z
?OnSendComplete@CThumbnailTransaction@@UAEXPAXK@Z
?OnReceiveComplete@CThumbnailTransaction@@UAEXPAXK@Z
??1CThumbnailTransaction@@UAE@XZ
?Shutdown@CFindTeacherTransaction@@QAEXXZ
?Shutdown@CNameTransaction@@QAEXXZ
?Startup@CFindTeacherTransaction@@QAEHPA_WKPAUtagCLIENTID@@HPAKHK@Z
??0CFindTeacherTransaction@@QAE@PAVICommunicationLayer@@PAU_GUID@@@Z
?OnTimeout@CFindTeacherTransaction@@UAEXK@Z
?OnSendComplete@CFindTeacherTransaction@@UAEXPAXK@Z
?OnReceiveComplete@CFindTeacherTransaction@@UAEXPAXK@Z
??1CFindTeacherTransaction@@UAE@XZ
?AddClient@CNameTransaction@@QAEXUtagCLIENTID@@PA_W@Z
?Startup@CNameTransaction@@QAEHXZ
??0CNameTransaction@@QAE@PAVICommunicationLayer@@PAU_GUID@@@Z
?OnTimeout@CNameTransaction@@UAEXK@Z
??1CTeacherExitTransacation@@UAE@XZ
libtestquizgrade
Grade_CreateTestQuizGrade
Grade_IsStarted
Grade_DestroyTestQuizGrade
Grade_FilterDllMsg
Grade_ProcessDllIdle
libtestinstanttest
InstantTest_CreateTestInstantTest
InstantTest_DestroyTestInstantTest
InstantTest_ProcessDllIdle
InstantTest_FilterDllMsg
libremotesetting
ActiveDoModalDlg
librecorder
CreateTDRecorder
librepeatsrv
VRecordSrv_Start
VRecordSrv_Stop
VRecordSrv_ProcessDllIdle
VRecordSrv_RemoveMember
VRecordSrv_AddMember
VRecordSrv_FilterDllMsg
libwebserver
VWebServer_RemoveMember
VWebServer_AddMember
VWebServer_Stop
VWebServer_Start
libwebpolicy
WebPolicy_GetBlackList
WebPolicy_InitNotify
WebPolicy_GetOpenList
WebPolicy_GetUserPolicyCount
WebPolicy_ShowAdvanced
WebPolicy_SetActive
WebPolicy_GetWhiteList
WebPolicy_GetUserPolicy
libapppolicy
GetUserPolicyCount
GetUserPolicy
GetWhiteListPolicy
GetBlackListPolicy
SetActivePolicy
ShowAdvancedPolicy
InitAppPolicyNotify
libfilecast
StopFileCast
StartFileCast
FileCast_FilterDllMsg
FileCast_ProcessDllIdle
libmultichat
MultiChat_ProcessDllIdle
MultiChatSvr_SetFont
MultiChatSvr_NewGroupPro
MultiChatSvr_SetNotifyWnd
MultiChatSvr_SetCommAddress
MultiChatSvr_SetLocalIp
MultiChatSvr_Init
MultiChatSvr_SetCltState
MultiChatSvr_Done
MultiChatSvr_CloseAll
MultiChatSvr_TryToQuitNow
MultiChatSvr_ForceExit
MultiChatSvr_IsCanQuitNow
MultiChat_FilterDllMsg
libtestquizedit
QuizEdit_ProcessDllIdle
Edit_CreateTestQuizEdit
Edit_TrytoDestroyTestQuizEdit
QuizEdit_FilterDllMsg
libtestmonitor
Monitor_CloseTestMonitor
Monitor_CreateTestMonitor
QuizMonitor_ProcessDllIdle
QuizMonitor_FilterDllMsg
libliveexpress
StopLiveExpress
StartLiveExpress
PreviewLiveExpress
IsLiveExpressStarted
mfc80u
ord709
ord602
ord6033
ord5638
ord5727
ord347
ord5870
ord501
ord3417
ord1536
ord3296
ord1894
ord572
ord2985
ord5210
ord2077
ord587
ord1920
ord563
ord753
ord3927
ord6251
ord1006
ord3678
ord3590
ord760
ord1079
ord3281
ord3238
ord2085
ord4094
ord1946
ord2365
ord1274
ord1058
ord3995
ord4117
ord5637
ord6013
ord2889
ord6140
ord6086
ord3460
ord635
ord395
ord4271
ord1297
ord2164
ord5201
ord5144
ord3939
ord1548
ord4013
ord2418
ord2419
ord2986
ord5352
ord940
ord4898
ord2933
ord4129
ord4303
ord5006
ord5003
ord2609
ord1904
ord2237
ord1156
ord5161
ord5829
ord4259
ord4946
ord762
ord6061
ord4293
ord4921
ord3642
ord4109
ord4882
ord4945
ord3157
ord1957
ord1959
ord589
ord5609
ord330
ord2121
ord3756
ord502
ord2066
ord326
ord2648
ord3453
ord385
ord4713
ord4728
ord4205
ord4904
ord4459
ord4619
ord4578
ord4458
ord4488
ord4966
ord3630
ord1086
ord2012
ord658
ord651
ord3224
ord4232
ord2083
ord5867
ord2952
ord416
ord2867
ord3395
ord3789
ord2364
ord3645
ord1556
ord2340
ord1176
ord1571
ord1430
ord6284
ord629
ord5083
ord384
ord2897
ord5319
ord1182
ord1178
ord283
ord3435
ord744
ord2260
ord1479
ord282
ord6700
ord6111
ord860
ord3873
ord899
ord5558
ord4480
ord1785
ord1476
ord6160
ord6063
ord2310
ord5869
ord2155
ord2167
ord1299
ord3869
ord1443
ord1906
ord266
ord265
ord741
ord3311
ord4234
ord1582
ord2086
ord2255
ord591
ord3165
ord4228
ord1538
ord4092
ord1474
ord1922
ord2080
ord2893
ord5723
ord290
ord5185
ord2010
ord333
ord4063
ord5429
ord897
ord3990
ord1113
ord6003
ord5713
ord868
ord3390
ord6751
ord6749
ord1921
ord1555
ord755
ord1524
ord564
ord758
ord567
ord5958
ord332
ord5636
ord666
ord723
ord967
ord2265
ord5455
ord5519
ord5643
ord5584
ord531
ord429
ord3331
ord2254
ord5621
ord2074
ord4074
ord5524
ord664
ord866
ord5862
ord427
ord5466
ord2876
ord2860
ord4256
ord6161
ord5427
ord3017
ord3842
ord3813
ord2261
ord2362
ord4119
ord6279
ord3546
ord718
ord739
ord4714
ord5207
ord4207
ord4184
ord4838
ord4861
ord4611
ord4791
ord5064
ord5066
ord5065
ord6744
ord4730
ord3309
ord1580
ord1638
ord516
ord1871
ord3661
ord2151
ord3983
ord1416
ord6302
ord6301
ord911
ord3104
ord3103
ord3223
ord4231
ord1561
ord2082
ord1925
ord1475
ord1924
ord6262
ord1388
ord657
ord3161
ord2935
ord2401
ord2406
ord2383
ord919
ord4227
ord280
ord2078
ord4090
ord4502
ord3318
ord2977
ord4237
ord1585
ord1641
ord2089
ord748
ord3875
ord1772
ord5740
ord287
ord2488
ord2654
ord2444
ord5801
ord1198
ord3249
ord1172
ord5316
ord6282
ord5327
ord6293
ord1623
ord2932
ord1080
ord2159
ord261
ord620
ord3189
ord730
ord3298
ord5987
ord6002
ord5712
ord1872
ord3752
ord1117
ord4101
ord894
ord1252
ord5149
ord3322
ord2981
ord754
ord3877
ord2878
ord3985
ord2741
ord2739
ord3547
ord524
ord4266
ord1512
ord4274
ord5208
ord1573
ord4577
ord1318
ord526
ord721
ord3662
ord2027
ord3201
ord777
ord3051
ord558
ord746
ord5434
ord4558
ord5053
ord2277
ord5965
ord1002
ord3032
ord3050
ord631
ord2898
ord3925
ord2745
ord2279
ord2271
ord386
ord5705
ord6278
ord4112
ord2713
ord2225
ord3448
ord4098
ord2861
ord5864
ord6115
ord643
ord3209
ord1550
ord1629
ord2795
ord562
ord3319
ord2978
ord1953
ord5157
ord2396
ord5198
ord6265
ord5141
ord1342
ord1336
ord4985
ord1343
ord2030
ord2068
ord2072
ord1903
ord3981
ord5351
ord3923
ord4192
ord6010
ord1586
ord1642
ord2869
ord4960
ord751
ord4336
ord1461
ord4035
ord5920
ord5721
ord6005
ord5736
ord2863
ord4354
ord4866
ord3400
ord1431
ord1970
ord6059
ord3102
ord6300
ord1281
ord2369
ord1864
ord6173
ord6167
ord530
ord3289
ord722
ord6001
ord5710
ord356
ord355
ord745
ord557
ord1719
ord736
ord3306
ord1579
ord1637
ord3134
ord5972
ord556
ord3314
ord3092
ord2740
ord2747
ord2744
ord2116
ord5626
ord5873
ord2904
ord5325
ord6291
ord4054
ord6211
ord917
ord2305
ord2465
ord5343
ord380
ord3195
ord2696
ord2697
ord5489
ord2468
ord2460
ord4100
ord5342
ord555
ord5091
ord2877
ord1087
ord423
ord3227
ord660
ord4057
ord862
ord5462
ord5485
ord3677
ord566
ord3327
ord4475
ord2832
ord5562
ord5226
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
msvcr80
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
strchr
strncmp
isalnum
tolower
isspace
fseek
ftell
_vsnprintf_s
atof
sscanf_s
fputc
ferror
_wfopen_s
fopen_s
strncpy
printf
strftime
_localtime64
_difftime64
isalpha
_strupr
__dllonexit
getenv
__iob_func
fprintf
exit
fread
_strnicmp
_wcsdup
wcsrchr
fgets
_wtol
memcpy_s
wcschr
_purecall
_localtime64_s
fwrite
srand
_time64
rand
iswdigit
memmove
_wfopen
fclose
_setjmp3
memcpy
longjmp
malloc
sprintf
_itoa
atoi
sscanf
swscanf
_wtoi
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_wcsnicmp
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_wsplitpath
_wmakepath
??0exception@std@@QAE@XZ
_invoke_watson
_controlfp_s
_crt_debugger_hook
_mktime64
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_stricmp
__CxxFrameHandler3
memset
_wcsicmp
wcsncpy
_waccess
_invalid_parameter_noinfo
free
calloc
_recalloc
memmove_s
??0exception@std@@QAE@ABQBD@Z
toupper
kernel32
GetLocaleInfoW
GetACP
lstrcpyW
GetNumberFormatW
GetTempPathW
OpenProcess
GetFullPathNameW
GlobalReAlloc
GetWindowsDirectoryW
GetSystemDirectoryW
CreateProcessW
GetLogicalDrives
GetDriveTypeW
GetFileAttributesExW
CopyFileW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WritePrivateProfileStringW
CreateEventW
InitializeCriticalSection
SetEvent
WaitForSingleObject
ResetEvent
CreateThread
SetThreadPriority
ResumeThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
IsBadReadPtr
GetTimeFormatW
GetDateFormatW
GetTickCount
Sleep
GetPrivateProfileIntW
FreeLibrary
GetCurrentProcess
TerminateProcess
GetCommandLineW
CreateMutexW
GetCurrentThreadId
MulDiv
lstrcpynW
GetLocalTime
OutputDebugStringW
GetTempFileNameW
WinExec
LoadLibraryA
GetComputerNameW
DeviceIoControl
GetSystemTime
SystemTimeToTzSpecificLocalTime
DeleteFileA
CreateFileA
CopyFileA
GetCurrentDirectoryA
GetFileAttributesA
GetSystemDirectoryA
GetVersion
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
WriteFile
CreateFileW
GetFileSize
ReadFile
GetLastError
GetPrivateProfileStringW
CreateDirectoryW
GetModuleFileNameW
FindClose
FindNextFileW
FindFirstFileW
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
FindResourceW
LoadLibraryW
GetModuleHandleW
GetProcAddress
SetLastError
LoadResource
GetVersionExW
lstrlenA
GetLocaleInfoA
GetThreadLocale
GetVersionExA
CloseHandle
DeleteFileW
user32
LoadBitmapW
GetKeyNameTextW
MapVirtualKeyW
DrawEdge
CreateMenu
AppendMenuW
GetMenuItemCount
CopyAcceleratorTableW
GetMenuItemInfoW
SetMenuItemInfoW
ShowCursor
SetForegroundWindow
IntersectRect
DrawIcon
SetWindowRgn
IsWindow
GetMonitorInfoW
MonitorFromWindow
SetRect
FindWindowW
SetRectEmpty
UnionRect
GetMenuItemID
ModifyMenuW
GetKeyState
EnumDisplayMonitors
TrackPopupMenuEx
SetWindowLongW
IsIconic
IsZoomed
BringWindowToTop
LoadIconW
AdjustWindowRectEx
DeferWindowPos
EndDeferWindowPos
BeginDeferWindowPos
GetClassNameW
GetDlgItem
SetCursorPos
CallWindowProcW
GetWindowTextW
GetWindowThreadProcessId
EnumWindows
SetProcessDefaultLayout
ShowWindow
keybd_event
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenDesktopW
ChangeDisplaySettingsW
CreatePopupMenu
SetMenuDefaultItem
CheckMenuRadioItem
GetFocus
TranslateAcceleratorW
UnregisterHotKey
RegisterHotKey
SetWindowPos
LoadStringW
EnumDisplaySettingsW
LoadAcceleratorsW
RegisterWindowMessageW
DestroyAcceleratorTable
ChildWindowFromPointEx
GetCursor
IsChild
GetDlgCtrlID
MessageBoxW
GetAsyncKeyState
GetSysColor
GetIconInfo
DestroyIcon
GetWindowLongW
SetActiveWindow
RedrawWindow
DrawFocusRect
FrameRect
FillRect
OffsetRect
InflateRect
DrawStateW
DestroyCursor
LoadImageW
SystemParametersInfoW
IsWindowVisible
UpdateWindow
GetWindowRect
GetSystemMenu
RemoveMenu
EnableMenuItem
SetCursor
GetSystemMetrics
LoadCursorW
ScreenToClient
LoadMenuW
GetSubMenu
CheckMenuItem
DeleteMenu
IsRectEmpty
PostMessageW
ReleaseCapture
WindowFromPoint
GetParent
SetCapture
GetCapture
GetActiveWindow
ClientToScreen
PtInRect
CopyRect
GetProcessDefaultLayout
KillTimer
SetTimer
InvalidateRect
ReleaseDC
GetDC
GetClientRect
SendMessageW
EnableWindow
GetDesktopWindow
GetCursorPos
gdi32
CreatePen
GetPixel
CombineRgn
CreateRectRgn
GetTextExtentPoint32W
GetStockObject
BitBlt
CreateCompatibleDC
GetObjectW
CreateFontIndirectW
SetBrushOrgEx
CreateSolidBrush
CreateDCW
GetDeviceCaps
ExtCreateRegion
Rectangle
GetBkMode
CreateCompatibleBitmap
SetBitmapBits
GetBitmapBits
CreatePolygonRgn
OffsetRgn
FillRgn
FrameRgn
SelectObject
DeleteObject
DeleteDC
SetTextColor
CreateDIBSection
SetBkColor
CreateBitmap
Ellipse
PatBlt
CreatePalette
EnumFontFamiliesExW
StretchBlt
SetDIBitsToDevice
StretchDIBits
GetDIBits
CreateRoundRectRgn
msimg32
TransparentBlt
comdlg32
GetOpenFileNameW
advapi32
AdjustTokenPrivileges
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
RegSetValueExW
OpenSCManagerA
ControlService
RegCreateKeyExW
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
DeleteService
shell32
ShellExecuteExW
Shell_NotifyIconW
SHFileOperationW
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
comctl32
_TrackMouseEvent
ole32
CoFreeUnusedLibraries
CoCreateGuid
CoUninitialize
CoInitialize
oleaut32
SysFreeString
msvcp80
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
gdiplus
GdipFree
GdipCloneImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipDisposeImage
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipAlloc
netapi32
Netbios
Sections
.text Size: 800KB - Virtual size: 799KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 188KB - Virtual size: 186KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ