aaa[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

aaa.rar
Size

2.0MB
MD5

217f95edf64bc618ce6c9addd9c8c83d
SHA1

a5ac6b6ac3ac127b6425719b2c8a3ee97e82b47d
SHA256

1f95978ab90b87aa82d1539be7a0d6b5c09df286273ba336dc7503f786e8a713
SHA512

7a62ad67e625723b7c160cff9e32cbdf6e409dedaa3af188775e7a21171c343f7ed1971c8389ea856e9992fa8ffd3e5dbe93834381e477bc02cb0f7701d668bd
SSDEEP

49152:B3ERdk6QaF5SGLNdduPy2U9kusPkLh8UWTdJCqWV20D5LUbeE:BAT5S65Ok8LdJCqC5L1E

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/aaa/CoronaVirus.exe
unpack001/aaa/GoldenEye.exe
unpack001/aaa/MEMZ.exe
unpack001/aaa/WinlockerVB6Blacksod.exe

Files

aaa.rar
.rar
aaa/CoronaVirus.exe
.exe windows:5 windows x86 arch:x86

d761cb0531b62176dc524988b5963190

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
CloseHandle
CreateFileW
HeapReAlloc
HeapSize
GlobalAlloc
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetProcessHeap
SetStdHandle
SetEnvironmentVariableA
GetThreadPriority
SetFilePointerEx
LoadLibraryA
SetEvent
ResetEvent
CreateEventA
GetEnvironmentStrings
GetConsoleWindow
SetEndOfFile
GetPriorityClass
FreeLibrary
EnumDateFormatsA
GetCurrentThread
GetLastError
GlobalAddAtomA
WaitForSingleObject
SetThreadPriority
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
GetCurrentProcess
FindNextFileA
FindFirstFileExA
FindClose
DecodePointer
GetStringTypeW
LCMapStringW
CompareStringW
CreateThread
WaitForSingleObjectEx
OutputDebugStringW
HeapAlloc
HeapFree
GetACP
WideCharToMultiByte
MultiByteToWideChar
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
GetFileType
GetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
RaiseException
EncodePointer
GlobalFree
GlobalLock
GlobalUnlock
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
BuildCommDCBA
SetCommTimeouts
SetCommState
GetCommTimeouts
GetCommState
WriteFile
ReadFile
FlushFileBuffers
CreateFileA
GetModuleHandleA
CreateEventW
SetPriorityClass

user32

SetClipboardData
GetClipboardData
EmptyClipboard
IsDlgButtonChecked
DefWindowProcA
TranslateMessage
RegisterWindowMessageW
ReleaseDC
EndPaint
CloseClipboard
OpenClipboard
DestroyWindow
ShowWindow
SetClassLongA
WindowFromDC
GetDesktopWindow
GetDlgItem
SendMessageA
LoadIconA
CheckMenuItem
GetCursorPos
BeginPaint
GetMessageW
CreateDialogParamW
GetDC
EndDialog
DialogBoxParamA
wsprintfA
OffsetRect
DispatchMessageW
TrackMouseEvent
SetWindowTextA
MessageBoxA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
SetWindowPos
IsIconic
GetWindowRect
AdjustWindowRectEx
ShowCursor
ClientToScreen
CopyRect
GetWindowLongA
SetWindowLongA
GetMonitorInfoA
EnumDisplayMonitors
GetSystemMetrics
LoadCursorA
ScreenToClient
SetRect
GetMessageA
DispatchMessageA
PeekMessageA
GetMessagePos
PostQuitMessage
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
UpdateWindow
SetActiveWindow
GetUpdateRect
InvalidateRect
ChildWindowFromPoint
MonitorFromWindow
ChangeDisplaySettingsExA
EnumDisplaySettingsA
SetCursorPos
SetCursor
GetClientRect

gdi32

ChoosePixelFormat
BitBlt
SelectObject
CreateDIBSection
GetTextExtentPoint32A
CreateCompatibleDC
GetNearestPaletteIndex
DeleteDC
SetViewportOrgEx
DeleteObject
CreateDCA
GetDeviceCaps
SetPixelFormat
DescribePixelFormat
SwapBuffers
GetPixelFormat

comdlg32

GetOpenFileNameA
FindTextW

advapi32

RegQueryValueExA
OpenSCManagerA
ControlService
RegOpenKeyA
OpenServiceA
RegCloseKey
RegOpenKeyExA

shell32

ord63
DragQueryFileA
ord62
DragFinish

ole32

CreateStreamOnHGlobal

oleaut32

CreateTypeLib2
CreateTypeLi

odbc32

ord157
ord156
ord155

opengl32

wglGetCurrentDC
glScissor
glDisableClientState
glMatrixMode
glBlendFunc
glLoadIdentity
glTexParameteri
glDeleteTextures
glPopMatrix
glViewport
glEnableClientState
glPopAttrib
glPolygonMode
glBindTexture
glGenTextures
glVertexPointer
glNormalPointer
glGetFloatv
glDrawArrays
glVertex2f
glTranslatef
glPushClientAttrib
glPopClientAttrib
glBitmap
glVertex2i
glRasterPos2i
glEnd
glColor4fv
glColor4f
glBegin
glGetString
glGetError
glGetBooleanv
glReadBuffer
glDrawBuffer
glFlush
wglMakeCurrent
wglGetProcAddress
wglGetCurrentContext
wglDeleteContext
wglCreateContext
glClearColor
glTexCoordPointer
glClear
glGetIntegerv
glPushAttrib
glOrtho
glPixelStorei
glPushMatrix
glDisable
glDrawElements
glTexEnvi
glColorPointer
glTexImage2D
glGetTexEnviv
glEnable

winmm

joyGetDevCapsA
timeBeginPeriod
timeEndPeriod
timeGetTime
joyGetPosEx

gdiplus

GdipCreateBitmapFromStream
GdipSaveImageToStream
GdipFree
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipCloneImage

ws2_32

closesocket

avifil32

AVIMakeCompressedStream

rpcrt4

UuidCreate
UuidToStringW

dbghelp

EnumerateLoadedModules

comsvcs

CoCreateActivity

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

Sections

.text
Size: 563KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
aaa/GoldenEye.exe
.exe windows:5 windows x86 arch:x86

eadbe699c9f56194b9bbdf2dd7631233

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\src\ZoomIt\Release\ZoomIt.pdb

Imports

comctl32

ord17

winmm

PlaySoundA

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectRect
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateBitmapFromHBITMAP

msimg32

AlphaBlend

kernel32

GetTickCount
FormatMessageA
lstrcpynA
CreateEventA
GetModuleFileNameA
CreateProcessA
GetCommandLineA
ExpandEnvironmentStringsA
FindResourceA
GetFileAttributesA
DeleteFileA
MultiByteToWideChar
GetStringTypeW
FatalAppExitA
CreateSemaphoreW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
MulDiv
GetFileType
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
RtlUnwind
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
HeapSize
GetModuleFileNameW
WriteFile
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetProcessHeap
GetCurrentThreadId
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
InterlockedDecrement
InterlockedIncrement
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
HeapAlloc
HeapFree
Beep
CloseHandle
SizeofResource
LoadResource
Sleep
WaitForSingleObject
GetLastError
SetThreadPriority
GetCurrentThread
GetExitCodeProcess
GetCurrentProcess
GetVersion
LockResource
GetCommandLineW
GetModuleHandleA
LoadLibraryA
LocalFree
LocalAlloc
GetProcAddress
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
RaiseException
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
InterlockedExchange
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
OutputDebugStringW
LoadLibraryW
SetFilePointerEx
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteConsoleW
CreateFileW
ReadFile
ReadConsoleW
SetEndOfFile
DeleteCriticalSection

user32

FindWindowW
FindWindowA
GetParent
GetDesktopWindow
GetWindowLongA
SetRect
FillRect
GetSysColor
ChildWindowFromPoint
MapWindowPoints
GetClipCursor
ClipCursor
GetCursorPos
LoadIconA
MessageBoxA
GetWindowRect
GetClientRect
RedrawWindow
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
ChangeDisplaySettingsExA
SystemParametersInfoA
EnumDisplaySettingsA
SetCursorPos
DrawTextA
TrackPopupMenu
InsertMenuA
DestroyMenu
CreatePopupMenu
TranslateAcceleratorA
LoadAcceleratorsA
EnableWindow
KillTimer
SetTimer
GetAsyncKeyState
GetKeyState
SetFocus
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
DialogBoxParamA
CreateDialogParamA
BringWindowToTop
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
PostMessageA
GetMessageExtraInfo
UnregisterHotKey
RegisterHotKey
DispatchMessageA
TranslateMessage
GetMessageA
LoadCursorA
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextA
GetDlgItem
EndDialog
DialogBoxIndirectParamA
SendMessageA
SetWindowLongA

gdi32

DeleteDC
DeleteObject
Ellipse
GetStockObject
LineTo
Rectangle
SelectObject
CreateSolidBrush
StretchBlt
SetROP2
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
Polygon
CreatePen
CreateFontIndirectA
GetDeviceCaps
StartDocA
SetMapMode
EndDoc
StartPage
EndPage
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
SetBkMode
CreateDCA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
PrintDlgA
ChooseFontA

advapi32

RegCreateKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

CoInitialize

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aaa/MEMZ.exe
.exe windows:5 windows x86 arch:x86

2eb516ca11536a75b455bb2361a5a574

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
CloseHandle
lstrcmpA
lstrcmpW
LoadLibraryA
GetModuleFileNameW
GetCommandLineW
CreateFileA
Sleep
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalAlloc
GlobalFree
GetModuleHandleW
lstrlenW
GetCurrentThreadId
CreateThread
ExitProcess
GetCurrentProcess
OpenProcess
LocalFree
LocalAlloc
SetPriorityClass
GetProcAddress

user32

MessageBoxW
SetCursorPos
GetCursorPos
GetDesktopWindow
EnumChildWindows
CallNextHookEx
LoadIconW
GetWindowRect
SetWindowsHookExW
MessageBoxA
CreateWindowExA
RegisterClassExA
DefWindowProcW
ExitWindowsEx
DispatchMessageW
TranslateMessage
GetWindowDC
DrawIcon
GetSystemMetrics
SendMessageTimeoutW
SendInput
GetMessageW
UnhookWindowsHookEx

gdi32

BitBlt
StretchBlt

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptAcquireContextW
CryptGenRandom

shell32

CommandLineToArgvW
ShellExecuteW
ShellExecuteA
ShellExecuteExW

winmm

waveOutWrite
PlaySoundA
waveOutPrepareHeader
waveOutOpen

psapi

GetProcessImageFileNameA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
aaa/WinlockerVB6Blacksod.exe
.exe windows:5 windows x86 arch:x86

fdc840a7a99c43c34a60188ec8cc1596

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\victor\Desktop\BRANCH\win\Release\stubs\x86\ExternalUi.pdb

Imports

kernel32

CreateDirectoryW
GetCurrentProcessId
GetExitCodeThread
SetEvent
CreateEventW
SetLastError
LoadLibraryW
FreeLibrary
lstrlenW
GetVersionExW
CreateFileA
SetStdHandle
WriteConsoleW
WriteConsoleA
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetDiskFreeSpaceExW
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
ExitProcess
lstrcmpiW
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoW
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
PeekNamedPipe
OpenEventW
CopyFileExW
CompareFileTime
GetVersion
ResetEvent
MoveFileW
GetLocaleInfoA
GetStringTypeW
ConnectNamedPipe
CreateNamedPipeW
TerminateThread
GetSystemDirectoryW
GetLocalTime
OutputDebugStringW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetWindowsDirectoryW
FileTimeToSystemTime
GetUserDefaultLangID
GetSystemDefaultLangID
GetDriveTypeW
CompareStringW
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
GetFileSize
ReadFile
GlobalFree
GetTempPathW
GetSystemTime
SystemTimeToFileTime
GetTempFileNameW
DeleteFileW
FindFirstFileW
RemoveDirectoryW
FindNextFileW
GetLogicalDriveStringsW
GetFileAttributesW
SetFileAttributesW
GetFileTime
CopyFileW
FindClose
MultiByteToWideChar
LoadLibraryExW
WideCharToMultiByte
InterlockedExchange
GetSystemInfo
TlsFree
WaitForMultipleObjects
Sleep
GetLastError
GetCurrentThreadId
WaitForSingleObject
MulDiv
lstrcpynW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLocaleInfoW
EnumResourceLanguagesW
SetEndOfFile
SetCurrentDirectoryW
GetCommandLineW
GetExitCodeProcess
CreateProcessW
GetModuleFileNameA
FlushFileBuffers
LeaveCriticalSection
SetFilePointer
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleTextAttribute
GetFullPathNameW
GetCurrentThread
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleHandleW
GetProcAddress
RaiseException
FlushInstructionCache
GetCurrentProcess
CloseHandle
WriteFile
CreateFileW
FreeEnvironmentStringsW
LocalAlloc
LocalFree
LoadLibraryA
GetShortPathNameW
GetEnvironmentVariableW
FormatMessageW
CreateThread
SetUnhandledExceptionFilter

user32

MapWindowPoints
GetParent
GetWindow
GetClientRect
GetWindowTextW
GetWindowTextLengthW
FillRect
IsWindow
ShowWindow
GetWindowRect
UnionRect
IsWindowVisible
BeginPaint
EndPaint
ScreenToClient
SetWindowPos
GetWindowDC
LookupIconIdFromDirectoryEx
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
SendMessageW
DrawFrameControl
RegisterWindowMessageW
InvalidateRgn
GetDesktopWindow
GetKeyState
DrawStateW
DrawTextExW
DrawFocusRect
ValidateRect
DestroyMenu
AppendMenuW
CreatePopupMenu
TrackPopupMenu
InflateRect
LoadBitmapW
MessageBeep
LoadImageW
CharNextW
GetClassNameW
ReleaseCapture
SetCapture
UpdateWindow
DestroyIcon
GetDlgCtrlID
GetCapture
SetScrollInfo
GetScrollPos
GetClassInfoExW
RegisterClassExW
DrawEdge
SetScrollPos
SetRect
MoveWindow
GetScrollInfo
GetMessagePos
SystemParametersInfoW
GetActiveWindow
TrackMouseEvent
GetAsyncKeyState
DestroyCursor
GetWindowRgn
IsZoomed
SetWindowRgn
GetComboBoxInfo
DestroyAcceleratorTable
CreateAcceleratorTableW
TranslateAcceleratorW
CreateDialogParamW
EndDialog
DialogBoxParamW
InvalidateRect
GetNextDlgTabItem
SetCursor
MonitorFromWindow
GetMonitorInfoW
IsDialogMessageW
IsChild
PostQuitMessage
PostMessageW
SetForegroundWindow
SetCursorPos
GetCursorPos
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
LoadStringW
MessageBoxW
GetFocus
EnableWindow
DestroyWindow
GetForegroundWindow
EnumWindows
GetWindowThreadProcessId
DialogBoxIndirectParamW
MsgWaitForMultipleObjects
GetPropW
GetSystemMenu
EnableMenuItem
ModifyMenuW
ExitWindowsEx
GetScrollRange
SetPropW
RemovePropW
LoadMenuW
GetSubMenu
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
GetIconInfo
SendMessageTimeoutW
UnregisterClassA
DrawTextW
DrawIconEx
GetSystemMetrics
ClientToScreen
OffsetRect
SetRectEmpty
PtInRect
GetSysColorBrush
IntersectRect
IsRectEmpty
SendMessageA
IsWindowEnabled
CopyRect
RedrawWindow
SetFocus
GetSysColor
CreateWindowExW
GetDlgItem
SetWindowTextW
EqualRect
SetTimer
KillTimer
GetDC
ReleaseDC
CreateIconFromResourceEx

gdi32

GetLayout
GetBrushOrgEx
CreateFontIndirectW
CreateSolidBrush
GetRgnBox
EqualRgn
CreatePolygonRgn
CreateRectRgnIndirect
GetStockObject
CreateFontW
SetBkMode
SetTextColor
SetBrushOrgEx
CreatePatternBrush
FillRgn
SelectClipRgn
GetBitmapBits
CreateRectRgn
GetObjectW
GetDeviceCaps
Rectangle
ExcludeClipRect
CreatePen
ExtTextOutW
SetBkColor
BitBlt
SetViewportOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
SelectObject
DeleteDC
CreateDIBSection
CreateBitmapIndirect
CombineRgn

advapi32

RegOpenKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueW
StartServiceW
QueryServiceStatus
OpenServiceW
RegDeleteValueA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExA
OpenSCManagerW
LockServiceDatabase
UnlockServiceDatabase
CloseServiceHandle
RegOpenKeyExA
RegEnumValueA
LookupAccountSidW
RegCreateKeyW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
RegDeleteKeyA
RegCreateKeyA

shell32

ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderLocation

ole32

CoTaskMemRealloc
CoTaskMemFree
CoInitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoUninitialize
CoCreateGuid
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoInitializeEx
CoCreateInstance

oleaut32

VarDateFromStr
VarUI4FromStr
OleLoadPicture
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
VariantCopy
VariantInit
VariantClear
SysAllocString
SysFreeString

dbghelp

SymGetLineFromAddr
SymSetSearchPath
SymCleanup
SymInitialize
SymSetOptions
SymFunctionTableAccess
StackWalk
SymGetModuleBase

shlwapi

PathIsDirectoryW
PathAddBackslashW
PathIsUNCW
PathFileExistsW

comctl32

ImageList_Destroy
DestroyPropertySheetPage
InitCommonControlsEx
ImageList_LoadImageW
ImageList_GetIcon
ImageList_AddMasked
ImageList_SetBkColor
_TrackMouseEvent
ImageList_Add
ImageList_ReplaceIcon
ImageList_Create
CreatePropertySheetPageW
PropertySheetW

msimg32

AlphaBlend
TransparentBlt

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

mpr

WNetAddConnection2W

comdlg32

GetOpenFileNameW
GetSaveFileNameW

Sections

.text
Size: 1010KB - Virtual size: 1009KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d761cb0531b62176dc524988b5963190

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

odbc32

opengl32

winmm

gdiplus

ws2_32

avifil32

rpcrt4

dbghelp

comsvcs

imm32

Sections

.text Size: 563KB - Virtual size: 563KB

.rdata Size: 213KB - Virtual size: 212KB

.data Size: 37KB - Virtual size: 444KB

.gfids Size: 512B - Virtual size: 280B

_RDATA Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.text Size: 2KB - Virtual size: 1KB

.rsrc Size: 218KB - Virtual size: 218KB

eadbe699c9f56194b9bbdf2dd7631233

Headers

File Characteristics

PDB Paths

Imports

comctl32

winmm

gdiplus

msimg32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 190KB - Virtual size: 189KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 6KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 434B

.reloc Size: 13KB - Virtual size: 12KB

2eb516ca11536a75b455bb2361a5a574

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

winmm

psapi

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 624B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 528B

fdc840a7a99c43c34a60188ec8cc1596

Headers

DLL Characteristics

.text
Size: 563KB - Virtual size: 563KB

.rdata
Size: 213KB - Virtual size: 212KB

.data
Size: 37KB - Virtual size: 444KB

.gfids
Size: 512B - Virtual size: 280B

_RDATA
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.text
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 218KB - Virtual size: 218KB

.text
Size: 190KB - Virtual size: 189KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 6KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 434B

.reloc
Size: 13KB - Virtual size: 12KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 624B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 528B

.text
Size: 1010KB - Virtual size: 1009KB

.rdata
Size: 239KB - Virtual size: 238KB

.data
Size: 12KB - Virtual size: 39KB

.rsrc
Size: 71KB - Virtual size: 70KB

.reloc
Size: 96KB - Virtual size: 96KB