C:\agent\_work\123\s\exe\Win32\Release\procexp.pdb
Static task: static1

Behavioral task: behavioral1
Sample: processexplorerchs_xz7.com/Readme-ZOL.htm
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: processexplorerchs_xz7.com/Readme-ZOL.htm
Resource: win10v2004-20240802-en

Behavioral task: behavioral3
Sample: processexplorerchs_xz7.com/processexplorerchs_xz7.com/ProcessExplorer_v16.32_Chs/procexp_Chn.exe
Resource: win7-20240705-en

Behavioral task: behavioral4
Sample: processexplorerchs_xz7.com/processexplorerchs_xz7.com/ProcessExplorer_v16.32_Chs/procexp_Chn.exe
Resource: win10v2004-20240802-en

Behavioral task: behavioral5
Sample: processexplorerchs_xz7.com/processexplorerchs_xz7.com/ProcessExplorer_v16.32_Chs/procexp_Chn64.exe
Resource: win7-20240704-en

Behavioral task: behavioral6
Sample: processexplorerchs_xz7.com/processexplorerchs_xz7.com/ProcessExplorer_v16.32_Chs/procexp_Chn64.exe
Resource: win10v2004-20240802-en
General
Target: 37e6c7b13eb8999cf0d10ed930b802253922bd2907573c6b9198c07d918e916c
Size: 1.9MB
MD5: 3fbac1788133ac74c67e0b7a30bec7ae
SHA1: a651145783d9e98f4557c3fde9193293cea797b6
SHA256: 37e6c7b13eb8999cf0d10ed930b802253922bd2907573c6b9198c07d918e916c
SHA512: 3f239071bef5ea0c152c1bfa3e1addcece5a35ef16c8606148a808f203c7e35033952b9ec19ea8a11fb232c47f695e558360409d6e52b0d03f338fe6fa0fb614
SSDEEP: 49152:h1X3nze66MLiZuWcsTmRZ1LRXdjAXnTnhURe:X3z76/UWiRZtRNErhUk
Malware Config
Signatures
Unsigned PE (2 IoCs)
Checks for missing Authenticode signature.
Resource: unpack001/processexplorerchs_xz7.com/processexplorerchs_xz7.com/ProcessExplorer_v16.32_Chs/procexp_Chn.exe
Resource: unpack001/processexplorerchs_xz7.com/processexplorerchs_xz7.com/ProcessExplorer_v16.32_Chs/procexp_Chn64.exe
Files
-
37e6c7b13eb8999cf0d10ed930b802253922bd2907573c6b9198c07d918e916c.zip
-
processexplorerchs_xz7.com/Readme-ZOL.htm
-
processexplorerchs_xz7.com/processexplorerchs_xz7.com/ProcessExplorer_v16.32_Chs/procexp_Chn.exe.exe windows:5 windows x86 arch:x86
f1d93e5d6f71d30385be0c8d6aec3cc8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
ColorHLSToRGB
ColorRGBToHLS
ord176
SHAutoComplete
UrlUnescapeW
iphlpapi
GetExtendedTcpTable
GetExtendedUdpTable
ws2_32
ntohs
WSAStartup
htonl
htons
ntohl
getservbyport
gethostbyaddr
mpr
WNetGetConnectionW
comctl32
ImageList_ReplaceIcon
ImageList_Add
InitCommonControlsEx
ImageList_Destroy
ImageList_DrawEx
ord17
PropertySheetW
ImageList_Create
CreateStatusWindowW
ord410
ImageList_GetIcon
ord413
CreatePropertySheetPageW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
credui
CredUIPromptForCredentialsW
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
crypt32
CertDuplicateCertificateContext
CryptDecodeObject
CertGetNameStringW
aclui
ord1
powrprof
IsPwrSuspendAllowed
SetSuspendState
IsPwrHibernateAllowed
wtsapi32
WTSQuerySessionInformationW
WTSSendMessageW
WTSDisconnectSession
WTSLogoffSession
WTSFreeMemory
WTSEnumerateSessionsW
uxtheme
EnableThemeDialogTexture
ntdll
NtOpenSymbolicLinkObject
NtQuerySystemInformation
NtSetInformationProcess
NtQuerySymbolicLinkObject
NtCreateKey
NtOpenKey
NtOpenThread
RtlCreateQueryDebugBuffer
NtQuerySemaphore
NtQueryEvent
NtResumeProcess
NtQueryInformationProcess
NtQueryInformationThread
NtSuspendProcess
NtSuspendThread
RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
NtQueryObject
NtLoadDriver
RtlUnwind
NtResumeThread
NtQueryMutant
NtQuerySection
gdi32
SelectObject
SetBkColor
SetBkMode
SetTextColor
GetTextMetricsW
SelectClipRgn
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
CreateFontIndirectW
GetTextExtentPoint32W
SetTextAlign
ExtTextOutW
LineTo
Rectangle
RestoreDC
SaveDC
SetROP2
MoveToEx
CreateBitmap
RectInRegion
GetStockObject
GetDeviceCaps
GetBkMode
GetBkColor
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
GetObjectW
CreateDIBSection
Polyline
comdlg32
ChooseColorW
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
PrintDlgW
ChooseFontW
FindTextW
kernel32
GetFileSize
GetStdHandle
WriteFile
GetFileTime
CloseHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
MapViewOfFile
UnmapViewOfFile
lstrlenW
TlsAlloc
TlsSetValue
CreateFileMappingW
GetModuleFileNameW
GetModuleHandleW
CreateProcessW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
GetSystemWow64DirectoryW
GetFullPathNameW
GetCurrentThreadId
IsWow64Process
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileAttributesW
FindFirstFileW
GetPrivateProfileStringW
FreeLibrary
LoadLibraryExW
ReadFile
MultiByteToWideChar
FindClose
FindNextFileW
LeaveCriticalSection
GetCurrentThread
EnterCriticalSection
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateEventW
CreateThread
GetExitCodeThread
SetLastError
GetVersionExW
GetFileSizeEx
MulDiv
GetTickCount
LoadLibraryW
GlobalAddAtomW
FormatMessageW
LocalAlloc
InitializeCriticalSection
GetCommandLineW
LockResource
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
LoadResource
SizeofResource
FindResourceW
FindResourceExW
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalUnlock
TerminateThread
Module32FirstW
Module32NextW
DeleteCriticalSection
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
IsBadStringPtrW
OpenEventW
ReadProcessMemory
lstrcmpiW
GetEnvironmentVariableW
VirtualQueryEx
GetCurrentProcessId
SetFilePointer
IsProcessorFeaturePresent
GetSystemDirectoryW
DeleteFileW
SearchPathW
OpenThread
GetThreadContext
SuspendThread
ResumeThread
Thread32First
Thread32Next
ResetEvent
QueryPerformanceCounter
QueryPerformanceFrequency
IsBadReadPtr
GlobalFree
GlobalMemoryStatusEx
SetProcessWorkingSetSize
TerminateProcess
GetProcessId
PulseEvent
SetPriorityClass
GetComputerNameW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
GetLogicalProcessorInformation
GlobalMemoryStatus
VirtualAlloc
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetProcessWorkingSetSize
DeviceIoControl
DuplicateHandle
OutputDebugStringW
GetDriveTypeW
GetCurrentDirectoryW
CreateJobObjectW
QueryInformationJobObject
IsProcessInJob
WideCharToMultiByte
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetNativeSystemInfo
ExpandEnvironmentStringsA
LoadLibraryA
InitializeSListHead
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetTimeZoneInformation
FindFirstFileExW
SetErrorMode
GetLastError
ExitThread
GetCurrentProcess
OpenProcess
GetLongPathNameW
LocalFree
GetVersion
IsValidCodePage
GetOEMCP
GetProcAddress
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
TlsGetValue
GetStartupInfoW
GetStringTypeW
EncodePointer
SwitchToThread
TlsFree
CompareStringW
LCMapStringW
GetCPInfo
IsDebuggerPresent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetEnvironmentVariableA
SetStdHandle
SetFilePointerEx
WriteConsoleW
SetEndOfFile
ReadConsoleW
Sleep
GetFileType
SetUnhandledExceptionFilter
CreateFileW
user32
SetMenuItemInfoW
GetWindowDC
EndTask
RegisterWindowMessageW
DrawEdge
GetMessageW
TranslateMessage
DispatchMessageW
ExitWindowsEx
PostQuitMessage
IsWindow
SetLayeredWindowAttributes
CreateDialogParamW
GetDlgItemTextW
IsWindowEnabled
LoadAcceleratorsW
TranslateAcceleratorW
LoadMenuW
DrawMenuBar
CreateMenu
RemoveMenu
TrackPopupMenu
GetMenuInfo
SetMenuInfo
EndMenu
RedrawWindow
WindowFromPoint
CheckMenuRadioItem
DrawIconEx
IsDialogMessageW
LockWorkStation
IsHungAppWindow
PeekMessageW
SendMessageTimeoutW
CheckRadioButton
GetDlgCtrlID
MsgWaitForMultipleObjects
KillTimer
GetDesktopWindow
GetWindow
GetGuiResources
LoadBitmapW
CopyImage
IsIconic
ShowWindowAsync
GetMonitorInfoW
MonitorFromPoint
EnumWindows
SetClassLongW
ClientToScreen
GetWindowTextW
InvalidateRgn
TrackPopupMenuEx
ModifyMenuW
AppendMenuW
GetMenuItemCount
GetMenuItemID
EnableMenuItem
CreatePopupMenu
EnableWindow
IsDlgButtonChecked
CheckDlgButton
GetWindowPlacement
LoadIconW
SetWindowPlacement
DefMDIChildProcW
DefFrameProcW
DefDlgProcW
CreateIconIndirect
FrameRect
IsWindowVisible
DestroyWindow
GetClassNameW
EnumChildWindows
PtInRect
UnionRect
CopyRect
ScreenToClient
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsZoomed
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DrawFrameControl
ChildWindowFromPoint
SetDlgItemTextW
DialogBoxParamW
MoveWindow
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
GetScrollInfo
SetScrollInfo
GetParent
GetClassLongW
SetWindowLongW
GetWindowLongW
OffsetRect
IntersectRect
InflateRect
FillRect
GetSysColorBrush
GetSysColor
MapWindowPoints
GetCursorPos
GetWindowRect
GetClientRect
GetPropW
SetPropW
ScrollWindowEx
ValidateRect
InvalidateRect
GetUpdateRgn
GetUpdateRect
EndPaint
BeginPaint
UpdateWindow
DrawTextW
SetTimer
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetFocus
SetWindowPos
CreateWindowExW
RegisterClassExW
CallWindowProcW
PostMessageW
LoadStringW
ReleaseDC
GetDC
SendMessageW
WaitForInputIdle
ShowWindow
SetFocus
GetSystemMetrics
GetMenu
CheckMenuItem
GetSubMenu
InsertMenuW
EnumDisplaySettingsW
LoadImageW
DestroyIcon
LoadCursorW
GetWindowThreadProcessId
FindWindowExW
FindWindowW
SetCursor
MessageBoxW
SetForegroundWindow
DeleteMenu
DefWindowProcW
advapi32
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
EqualSid
QueryServiceConfigW
SetTokenInformation
IsValidSid
AllocateAndInitializeSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
InitializeAcl
AddAce
GetAce
AddAccessAllowedAce
FreeSid
LookupAccountSidW
CreateRestrictedToken
GetSecurityInfo
SetSecurityInfo
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaEnumerateAccountRights
RevertToSelf
FlushTraceW
RegConnectRegistryW
CreateProcessAsUserW
GetKernelObjectSecurity
SetKernelObjectSecurity
LookupPrivilegeNameW
EnumServicesStatusExW
RegQueryValueExA
RegOpenKeyExA
GetLengthSid
CloseTrace
ProcessTrace
LookupAccountNameW
LookupPrivilegeValueW
ImpersonateLoggedOnUser
DuplicateTokenEx
RegCreateKeyExW
OpenTraceW
ControlTraceW
StartTraceW
SetServiceObjectSecurity
QueryServiceObjectSecurity
MapGenericMask
RegCreateKeyW
StartServiceW
ConvertSidToStringSidW
RegCloseKey
QueryServiceStatus
ControlService
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
QueryServiceConfig2W
OpenServiceW
OpenSCManagerW
GetServiceDisplayNameW
CloseServiceHandle
RegDeleteValueW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegQueryValueW
RegUnLoadKeyW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyW
CopySid
RegLoadKeyW
shell32
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
Shell_NotifyIconW
SHGetMalloc
ShellExecuteExW
SHGetFolderPathW
SHGetFileInfoW
ole32
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitialize
CoSetProxyBlanket
oleaut32
VariantCopy
SysAllocStringLen
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SysAllocString
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
SafeArrayDestroy
SafeArrayGetUBound
winhttp
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpCloseHandle
psapi
GetMappedFileNameW
QueryWorkingSet
GetModuleFileNameExW
Sections
.text Size: 783KB - Virtual size: 782KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 208KB - Virtual size: 207KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
processexplorerchs_xz7.com/processexplorerchs_xz7.com/ProcessExplorer_v16.32_Chs/procexp_Chn64.exe.exe windows:5 windows x64 arch:x64
5661df91e0adea62bc4b6df68cc4048e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\agent\_work\123\s\exe\x64\Release\procexp64.pdb
Imports
shlwapi
ColorHLSToRGB
ColorRGBToHLS
UrlUnescapeW
SHAutoComplete
ord176
iphlpapi
GetExtendedTcpTable
GetExtendedUdpTable
ws2_32
WSAStartup
ntohs
htonl
ntohl
htons
gethostbyaddr
getservbyport
mpr
WNetGetConnectionW
comctl32
ImageList_ReplaceIcon
ImageList_Add
InitCommonControlsEx
ImageList_Destroy
ImageList_DrawEx
ord17
PropertySheetW
ImageList_Create
CreateStatusWindowW
CreatePropertySheetPageW
ImageList_GetIcon
ord413
ord410
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
credui
CredUIPromptForCredentialsW
setupapi
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
crypt32
CryptDecodeObject
CertDuplicateCertificateContext
CertGetNameStringW
aclui
ord1
powrprof
SetSuspendState
IsPwrHibernateAllowed
IsPwrSuspendAllowed
wtsapi32
WTSFreeMemory
WTSDisconnectSession
WTSSendMessageW
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSLogoffSession
uxtheme
EnableThemeDialogTexture
ntdll
RtlUnwind
NtQueryMutant
NtQueryEvent
NtQuerySection
NtQuerySymbolicLinkObject
NtQueryObject
NtOpenSymbolicLinkObject
NtQuerySystemInformation
NtSetInformationProcess
NtLoadDriver
NtCreateKey
NtOpenKey
NtResumeThread
NtResumeProcess
NtOpenThread
RtlCreateQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryInformationThread
NtQuerySemaphore
NtSuspendThread
NtSuspendProcess
NtQueryInformationProcess
gdi32
SelectObject
SetBkColor
SetBkMode
SetTextColor
GetTextMetricsW
RectInRegion
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
CreateFontIndirectW
GetTextExtentPoint32W
SetTextAlign
ExtTextOutW
LineTo
Rectangle
RestoreDC
SaveDC
SetROP2
MoveToEx
CreateBitmap
SelectClipRgn
GetStockObject
GetDeviceCaps
GetBkMode
GetBkColor
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
GetObjectW
CreateDIBSection
Polyline
comdlg32
GetSaveFileNameW
ChooseColorW
GetOpenFileNameW
ChooseFontW
PrintDlgW
CommDlgExtendedError
FindTextW
kernel32
WriteFile
GetFileTime
CloseHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
MapViewOfFile
UnmapViewOfFile
lstrlenW
TlsAlloc
TlsSetValue
CreateFileMappingW
GetModuleFileNameW
GetModuleHandleW
CreateProcessW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
GetSystemWow64DirectoryW
GetFullPathNameW
InitializeSListHead
IsWow64Process
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileAttributesW
FindFirstFileW
GetPrivateProfileStringW
FreeLibrary
LoadLibraryExW
ReadFile
MultiByteToWideChar
FindClose
FindNextFileW
LeaveCriticalSection
GetCurrentThread
EnterCriticalSection
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateEventW
CreateThread
GetExitCodeThread
SetLastError
GetVersionExW
GetFileSizeEx
MulDiv
GetTickCount
LoadLibraryW
GlobalAddAtomW
FormatMessageW
LocalAlloc
GetFileSize
GetCommandLineW
LockResource
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
LoadResource
SizeofResource
FindResourceW
FindResourceExW
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalUnlock
TerminateThread
Module32FirstW
Module32NextW
DeleteCriticalSection
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
IsBadStringPtrW
OpenEventW
ReadProcessMemory
lstrcmpiW
GetEnvironmentVariableW
VirtualQueryEx
GetCurrentProcessId
SetFilePointer
GetSystemDirectoryW
SearchPathW
OpenThread
GetThreadContext
SuspendThread
ResumeThread
Thread32First
Thread32Next
ResetEvent
QueryPerformanceCounter
QueryPerformanceFrequency
IsBadReadPtr
GlobalFree
GlobalMemoryStatusEx
SetProcessWorkingSetSize
TerminateProcess
GetProcessId
PulseEvent
DeleteFileW
SetPriorityClass
GetComputerNameW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
GetLogicalProcessorInformation
GlobalMemoryStatus
VirtualAlloc
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetProcessWorkingSetSize
DeviceIoControl
DuplicateHandle
OutputDebugStringW
GetDriveTypeW
GetCurrentDirectoryW
CreateJobObjectW
IsProcessInJob
WideCharToMultiByte
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetNativeSystemInfo
LoadLibraryA
ExpandEnvironmentStringsA
FreeLibraryAndExitThread
GetStringTypeW
Sleep
GetModuleHandleExW
ExitProcess
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
InitializeCriticalSection
SetErrorMode
GetLastError
ExitThread
GetCurrentProcess
OpenProcess
GetLongPathNameW
LocalFree
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetVersion
GetProcAddress
TlsGetValue
SwitchToThread
TlsFree
CompareStringW
LCMapStringW
GetCPInfo
IsDebuggerPresent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
SetStdHandle
SetFilePointerEx
WriteConsoleW
SetEndOfFile
ReadConsoleW
GetStdHandle
GetFileType
GetCurrentThreadId
CreateFileW
QueryInformationJobObject
EncodePointer
user32
IsIconic
SetMenuItemInfoW
GetWindowDC
EndTask
RegisterWindowMessageW
DrawEdge
GetMessageW
TranslateMessage
DispatchMessageW
ExitWindowsEx
PostQuitMessage
IsWindow
SetLayeredWindowAttributes
CreateDialogParamW
GetDlgItemTextW
IsWindowEnabled
LoadAcceleratorsW
TranslateAcceleratorW
LoadMenuW
DrawMenuBar
CreateMenu
RemoveMenu
TrackPopupMenu
GetMenuInfo
SetMenuInfo
EndMenu
RedrawWindow
WindowFromPoint
CheckMenuRadioItem
DrawIconEx
IsDialogMessageW
LockWorkStation
IsHungAppWindow
PeekMessageW
SendMessageTimeoutW
CheckRadioButton
GetDlgCtrlID
MsgWaitForMultipleObjects
KillTimer
GetDesktopWindow
GetWindow
GetGuiResources
LoadBitmapW
CopyImage
GetWindowLongW
PtInRect
UnionRect
CopyRect
ScreenToClient
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
IsZoomed
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DrawFrameControl
ChildWindowFromPoint
SetDlgItemTextW
DialogBoxParamW
GetMonitorInfoW
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
GetScrollInfo
SetScrollInfo
GetParent
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
OffsetRect
IntersectRect
InflateRect
FillRect
GetSysColorBrush
GetSysColor
MapWindowPoints
GetCursorPos
GetWindowRect
GetClientRect
GetPropW
SetPropW
ScrollWindowEx
ValidateRect
InvalidateRect
GetUpdateRgn
GetUpdateRect
EndPaint
BeginPaint
UpdateWindow
DrawTextW
SetTimer
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetFocus
SetWindowPos
CreateWindowExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
PostMessageW
LoadStringW
ReleaseDC
GetDC
EnumDisplaySettingsW
LoadImageW
DestroyIcon
LoadCursorW
GetWindowThreadProcessId
FindWindowExW
FindWindowW
SetCursor
MessageBoxW
SetForegroundWindow
DeleteMenu
InsertMenuW
GetSubMenu
CheckMenuItem
GetMenu
GetSystemMetrics
SetFocus
ShowWindow
MonitorFromPoint
EnumWindows
SetClassLongW
ClientToScreen
GetWindowTextW
InvalidateRgn
TrackPopupMenuEx
ModifyMenuW
AppendMenuW
GetMenuItemCount
GetMenuItemID
WaitForInputIdle
EnableMenuItem
CreatePopupMenu
EnableWindow
IsDlgButtonChecked
CheckDlgButton
SendMessageW
GetWindowPlacement
LoadIconW
SetWindowPlacement
DefMDIChildProcW
DefFrameProcW
DefDlgProcW
CreateIconIndirect
FrameRect
IsWindowVisible
ShowWindowAsync
DestroyWindow
GetClassNameW
EnumChildWindows
MoveWindow
SetWindowLongW
advapi32
RevertToSelf
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
RegSetValueExW
RegUnLoadKeyW
RegQueryValueW
EqualSid
AllocateAndInitializeSid
FreeSid
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
LookupAccountSidW
LookupAccountNameW
CryptDestroyHash
RegDeleteValueW
CloseServiceHandle
GetServiceDisplayNameW
OpenSCManagerW
OpenServiceW
QueryServiceConfig2W
RegCloseKey
QueryServiceStatus
StartServiceW
RegCreateKeyW
MapGenericMask
QueryServiceObjectSecurity
SetServiceObjectSecurity
StartTraceW
ControlTraceW
OpenTraceW
ProcessTrace
CloseTrace
GetLengthSid
LookupPrivilegeValueW
ImpersonateLoggedOnUser
DuplicateTokenEx
RegCreateKeyExW
RegDeleteKeyW
CopySid
QueryServiceConfigW
SetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
InitializeAcl
ControlService
RegQueryValueExW
AddAce
GetAce
RegEnumKeyW
RegEnumValueW
RegLoadKeyW
AddAccessAllowedAce
CreateRestrictedToken
GetSecurityInfo
SetSecurityInfo
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaEnumerateAccountRights
ConvertSidToStringSidW
FlushTraceW
RegConnectRegistryW
CreateProcessAsUserW
GetKernelObjectSecurity
SetKernelObjectSecurity
LookupPrivilegeNameW
EnumServicesStatusExW
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyW
shell32
SHGetFileInfoW
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
Shell_NotifyIconW
ole32
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitialize
CoSetProxyBlanket
oleaut32
SafeArrayGetElement
SysAllocString
SysFreeString
SafeArrayUnaccessData
SysAllocStringByteLen
VariantInit
VariantClear
VariantCopy
SysStringLen
VariantChangeType
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SysAllocStringLen
winhttp
WinHttpReadData
WinHttpWriteData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpConnect
WinHttpOpen
WinHttpCloseHandle
psapi
QueryWorkingSet
GetMappedFileNameW
GetModuleFileNameExW
Sections
.text Size: 869KB - Virtual size: 869KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 297KB - Virtual size: 297KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 41KB - Virtual size: 182KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 191KB - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ