295b9467242ffd0d1e31974abb86b2e0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

295b9467242ffd0d1e31974abb86b2e0N.exe
Size

580KB
MD5

295b9467242ffd0d1e31974abb86b2e0
SHA1

4294a12f5c579818f12ff640c6f9050ee83374a7
SHA256

c6921322345430afa00d52c102743511c57e26c65466fb813e38f4c4fc1ba7c2
SHA512

74abf081b7ddbcf4fd0d3e1f07718e7a74961a0d9522908fb52234b08d2ed0cfa0c70ef0cd8d5837b666e0f03233b19eb0fa3c3160f31b81ab6e30ed413effac
SSDEEP

12288:sb9CUPXAl01bP5LuzS66LY3Tdw/8NpBoIwxNspBjvrEH7CQ:s9CUPwWD5am6gga8NpKIwxi3rEH7CQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
295b9467242ffd0d1e31974abb86b2e0N.exe
unpack001/Regshot.exe
unpack001/Regshot64.exe
unpack001/uninst.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

295b9467242ffd0d1e31974abb86b2e0N.exe
.exe windows:4 windows x86 arch:x86

b78ecf47c0a3e24a6f4af114e2d1f5de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
GetFileAttributesA
SetFileAttributesA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
GetFullPathNameA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
GlobalUnlock
GetDiskFreeSpaceA
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Regshot.exe
.exe windows:5 windows x86 arch:x86

a17c1245fbe8bdea436b98f9df8d6965

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\temp.cpp\Regshot\Regshot.70\bin\ReleaseStatic\Regshot.pdb

Imports

secur32

GetUserNameExW

mpr

WNetCancelConnectionW
WNetAddConnection2W

kernel32

TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
FindResourceExW
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetFileTime
GetStartupInfoW
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
Sleep
ExitProcess
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
VirtualFree
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
GetTimeZoneInformation
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetThreadLocale
DeleteCriticalSection
GlobalFlags
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
VirtualProtect
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
FreeLibrary
GetModuleHandleA
GlobalAlloc
MulDiv
MultiByteToWideChar
GlobalLock
GlobalUnlock
GlobalFree
SetFileAttributesW
CopyFileW
GetTempPathW
GetTickCount
ReadFile
GetFileSizeEx
MapViewOfFile
CreateFileMappingW
GetFileSize
UnmapViewOfFile
lstrlenA
FlushFileBuffers
VirtualAlloc
CreateProcessW
InitializeCriticalSection
WaitForMultipleObjects
QueryPerformanceFrequency
QueryPerformanceCounter
GetTimeFormatW
GetDateFormatW
FreeResource
IsValidCodePage
WriteFile
GetLocalTime
SetFilePointer
GetCurrentProcess
DeleteFileW
CreateFileW
FormatMessageW
CreateDirectoryW
ResumeThread
SetWaitableTimer
CreateWaitableTimerW
CloseHandle
CreateRemoteThread
InterlockedExchange
WideCharToMultiByte
HeapReAlloc
GetDriveTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
FileTimeToSystemTime
lstrcpynW
HeapDestroy
InterlockedDecrement
HeapFree
InterlockedIncrement
HeapAlloc
HeapCreate
WritePrivateProfileSectionW
lstrcmpW
lstrcpyW
GetPrivateProfileSectionW
LeaveCriticalSection
EnterCriticalSection
WritePrivateProfileStringW
GetPrivateProfileIntW
FindClose
FindNextFileW
FindFirstFileW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
ExpandEnvironmentStringsW
FindResourceW
LoadResource
LockResource
SizeofResource
LocalFree
GetPrivateProfileStringW
lstrlenW
lstrcmpiW
GetPrivateProfileSectionNamesW
LocalAlloc
GetModuleFileNameW

user32

PostThreadMessageW
RegisterClipboardFormatW
CharUpperW
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
UnregisterClassW
LoadCursorW
GetSysColorBrush
SetCursor
GetMessageW
TranslateMessage
ValidateRect
SetWindowContextHelpId
PostQuitMessage
WindowFromPoint
MapDialogRect
GetAsyncKeyState
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
DispatchMessageW
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DefWindowProcW
CallWindowProcW
PtInRect
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowThreadProcessId
GetLastActivePopup
UnhookWindowsHookEx
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
CopyRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenuState
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowTextW
GetFocus
SetWindowPos
IsWindowEnabled
IsDialogMessageW
SendDlgItemMessageW
GetWindow
DestroyIcon
InvalidateRect
SetWindowLongW
GetWindowLongW
MoveWindow
ScreenToClient
SetWindowTextW
PostMessageW
SetDlgItemTextW
SetFocus
GetDlgItemTextW
GetWindowTextLengthW
ClientToScreen
GetDlgCtrlID
GetSubMenu
GetWindowRect
LoadMenuW
DrawIcon
IsIconic
LoadIconW
IsWindow
MessageBeep
ShowWindow
UpdateWindow
SetMenuItemInfoW
SetMenuDefaultItem
EnableMenuItem
GetMenuItemID
GetMenuItemCount
DrawMenuBar
ModifyMenuW
wsprintfW
ReleaseDC
wsprintfA
GetDlgItem
GetParent
EnableWindow
DestroyMenu
TrackPopupMenu
GetCursorPos
AppendMenuW
CreatePopupMenu
SendMessageW
GetSystemMetrics
GetClientRect
LoadBitmapW
GetSysColor
GetDC
MessageBoxW

gdi32

GetTextColor
ExtSelectClipRgn
GetRgnBox
GetBkColor
EnumFontFamiliesExW
GetMapMode
GetStockObject
SetDIBColorTable
SelectObject
DeleteDC
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
GetDeviceCaps
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateRectRgnIndirect
CreateBitmap
GetTextExtentPoint32W
BitBlt
CreateCompatibleBitmap
CreateDIBSection
GetObjectW
CreateCompatibleDC

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegConnectRegistryW
RegUnLoadKeyW
RegLoadKeyW
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFolderLocation
SHBindToParent
SHFileOperationW

comctl32

ord17

shlwapi

StrRetToBufW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

OleCreateFontIndirect
SysFreeString
SysAllocString
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantClear
VariantChangeType
VariantInit
SafeArrayDestroy
VariantCopy

gdiplus

GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipGetImageWidth
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdipGetImageHeight
GdipGetImagePixelFormat
GdipAlloc
GdiplusStartup
GdipCreateBitmapFromFile

Sections

.text
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Regshot64.exe
.exe windows:5 windows x64 arch:x64

23f72123f56ba55d73dc3c4c7d869cdb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\temp.cpp\Regshot\Regshot.70\bin\ReleaseStatic64\Regshot64.pdb

Imports

secur32

GetUserNameExW

mpr

WNetAddConnection2W
WNetCancelConnectionW

kernel32

GlobalHandle
TlsSetValue
LocalReAlloc
TlsFree
FindResourceExW
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetFileTime
GetStartupInfoW
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
Sleep
ExitProcess
HeapQueryInformation
HeapSize
SetUnhandledExceptionFilter
GlobalReAlloc
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
GetTimeZoneInformation
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
TlsAlloc
TlsGetValue
GetThreadLocale
DeleteCriticalSection
GlobalFlags
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
VirtualProtect
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
FreeLibrary
GetModuleHandleA
GlobalAlloc
MulDiv
MultiByteToWideChar
GlobalLock
GlobalUnlock
GlobalFree
SetFileAttributesW
CopyFileW
GetTempPathW
GetTickCount
ReadFile
GetFileSizeEx
MapViewOfFile
CreateFileMappingW
GetFileSize
UnmapViewOfFile
lstrlenA
FlushFileBuffers
VirtualAlloc
CreateProcessW
InitializeCriticalSection
WaitForMultipleObjects
QueryPerformanceFrequency
QueryPerformanceCounter
GetTimeFormatW
GetDateFormatW
FreeResource
IsValidCodePage
WriteFile
GetLocalTime
SetFilePointer
GetCurrentProcess
DeleteFileW
CreateFileW
FormatMessageW
CreateDirectoryW
ResumeThread
SetWaitableTimer
CreateWaitableTimerW
CloseHandle
CreateRemoteThread
WideCharToMultiByte
HeapReAlloc
GetDriveTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
FileTimeToSystemTime
lstrcpynW
HeapDestroy
HeapFree
HeapAlloc
HeapCreate
WritePrivateProfileSectionW
lstrcmpW
lstrcpyW
GetPrivateProfileSectionW
LeaveCriticalSection
EnterCriticalSection
WritePrivateProfileStringW
GetPrivateProfileIntW
FindClose
FindNextFileW
FindFirstFileW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
ExpandEnvironmentStringsW
FindResourceW
LoadResource
LockResource
SizeofResource
LocalFree
GetPrivateProfileStringW
lstrlenW
lstrcmpiW
GetPrivateProfileSectionNamesW
LocalAlloc
GetModuleFileNameW
GetStdHandle

user32

PostThreadMessageW
RegisterClipboardFormatW
CharUpperW
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
UnregisterClassW
LoadCursorW
GetSysColorBrush
SetCursor
GetMessageW
TranslateMessage
ValidateRect
SetWindowContextHelpId
PostQuitMessage
WindowFromPoint
MapDialogRect
GetAsyncKeyState
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
DispatchMessageW
GetTopWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DefWindowProcW
CallWindowProcW
PtInRect
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
UnhookWindowsHookEx
EndPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
CopyRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetMenuState
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowTextW
GetFocus
SetWindowPos
IsWindowEnabled
IsDialogMessageW
SendDlgItemMessageW
GetWindow
DestroyIcon
InvalidateRect
SetWindowLongW
GetWindowLongW
MoveWindow
ScreenToClient
SetWindowTextW
PostMessageW
SetDlgItemTextW
SetFocus
GetDlgItemTextW
GetWindowTextLengthW
ClientToScreen
GetDlgCtrlID
GetSubMenu
GetWindowRect
LoadMenuW
DrawIcon
IsIconic
LoadIconW
IsWindow
MessageBeep
ShowWindow
UpdateWindow
SetMenuItemInfoW
SetMenuDefaultItem
EnableMenuItem
GetMenuItemID
GetMenuItemCount
DrawMenuBar
ModifyMenuW
wsprintfW
ReleaseDC
wsprintfA
GetDlgItem
GetParent
EnableWindow
DestroyMenu
TrackPopupMenu
GetCursorPos
AppendMenuW
CreatePopupMenu
SendMessageW
GetSystemMetrics
GetClientRect
LoadBitmapW
GetSysColor
GetDC
BeginPaint

gdi32

GetRgnBox
GetTextColor
GetBkColor
ExtSelectClipRgn
EnumFontFamiliesExW
GetMapMode
GetStockObject
SetDIBColorTable
SelectObject
DeleteDC
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
GetDeviceCaps
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateRectRgnIndirect
CreateBitmap
GetTextExtentPoint32W
BitBlt
CreateCompatibleBitmap
CreateDIBSection
GetObjectW
CreateCompatibleDC

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegConnectRegistryW
RegUnLoadKeyW
RegLoadKeyW
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW

shell32

SHFileOperationW
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFolderLocation
SHBindToParent

comctl32

ord17

shlwapi

StrRetToBufW
PathRemoveFileSpecW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

OleCreateFontIndirect
SysFreeString
SysAllocString
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantClear
VariantChangeType
SafeArrayDestroy
VariantCopy
VariantInit

gdiplus

GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipGetImageWidth
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdipGetImageHeight
GdipGetImagePixelFormat
GdipAlloc
GdiplusStartup
GdipCreateBitmapFromFile

Sections

.text
Size: 461KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
english.bmp
korean.bmp
language.ini
regshot.ini
regshot.url
uninst.exe
.exe windows:4 windows x86 arch:x86

b78ecf47c0a3e24a6f4af114e2d1f5de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
GetFileAttributesA
SetFileAttributesA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
GetFullPathNameA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
GlobalUnlock
GetDiskFreeSpaceA
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b78ecf47c0a3e24a6f4af114e2d1f5de

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 105KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 2KB - Virtual size: 2KB

a17c1245fbe8bdea436b98f9df8d6965

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

secur32

mpr

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

Sections

.text Size: 368KB - Virtual size: 368KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 46KB - Virtual size: 46KB

23f72123f56ba55d73dc3c4c7d869cdb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

secur32

mpr

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

Sections

.text Size: 461KB - Virtual size: 461KB

.rdata Size: 154KB - Virtual size: 153KB

.data Size: 16KB - Virtual size: 39KB

.pdata Size: 30KB - Virtual size: 30KB

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 16KB - Virtual size: 16KB

b78ecf47c0a3e24a6f4af114e2d1f5de

Headers

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 105KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 368KB - Virtual size: 368KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 46KB - Virtual size: 46KB

.text
Size: 461KB - Virtual size: 461KB

.rdata
Size: 154KB - Virtual size: 153KB

.data
Size: 16KB - Virtual size: 39KB

.pdata
Size: 30KB - Virtual size: 30KB

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 16KB - Virtual size: 16KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 105KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 2KB