trashreg_setup[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

trashreg_setup.exe
Size

560KB
MD5

eff7cf3c4c1f5d91cf71b28aa13aabab
SHA1

231cc20a9812d92fa9ba775f642fdb965a79a839
SHA256

01c620c9ec624435b6023127bcee9c16fa433f53dcc185738605d0bc241a62fb
SHA512

63e5622a21dc27b5c859c517515af4ba084a34aa7e099a5793861a242e4bd06f0826a85c3f890e7507169a833f53f305b9ff11cf079b187ad121ffae377876da
SSDEEP

12288:aom9BlzaGKy7OxjY0Ph8XMXnG9rESAFGBMWkeHkelo+k35Bxa:aom9zXLOxjY0y0nG9rESAFG6LeHZlo+j

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/TrashReg.exe	upx
static1/unpack001/TrashRegX64.exe	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
trashreg_setup.exe
unpack001/$PLUGINSDIR/System.dll
unpack001/TrashReg.exe
unpack001/TrashRegX64.exe
unpack001/rtkf_uninst.exe
unpack002/$PLUGINSDIR/System.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/rtkf_uninst.exe	nsis_installer_1
static1/unpack001/rtkf_uninst.exe	nsis_installer_2

Files

trashreg_setup.exe
.exe windows:4 windows x86 arch:x86

4f67aeda01a0484282e8c59006b0b352

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetFileAttributesA
SetFileAttributesA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
GetCurrentProcess
GetFullPathNameA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
lstrcpynA
SetErrorMode
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DisableNewSearches.reg
File_id.diz
Help/rtkf_deu.chm
.chm
Help/rtkf_eng.chm
.chm
Help/rtkf_esp.chm
.chm
Help/rtkf_rus.chm
.chm
ReadMe.Deu.txt
ReadMe.Eng.txt
ReadMe.Esp.txt
ReadMe.Rus.txt
TrashReg.exe
.exe windows:4 windows x86 arch:x86

f0b564eb7de6cdd212d965252f6e2279

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

ExcludeClipRect

oleaut32

SysAllocStringLen

advapi32

RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegDeleteValueW
RegQueryValueExA

kernel32

DeleteFileW
SetEnvironmentVariableA
GetCurrentProcess
RtlMoveMemory
SetFileAttributesA
FreeLibrary
ExpandEnvironmentStringsA
lstrlenW
GetEnvironmentVariableA
OutputDebugStringA
DeleteFileA
WriteFile
VirtualProtect
ExitProcess

user32

SetWindowPos
LoadImageA
GetWindowRect
GetMenuItemCount
MoveWindow
DestroyWindow
ReleaseDC
IsWindowVisible
ShowWindow
GetSystemMetrics
SetRect
GetWindow
GetWindowDC
GetClientRect

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
ord690
__vbaStrI2
__vbaNextEachAry
ord691
_CIcos
_adj_fptan
ord692
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
__vbaGosubReturn
__vbaLenBstr
__vbaStrVarMove
ord696
__vbaPut3
ord697
__vbaFreeVarList
_adj_fdiv_m64
ord698
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaRaiseEvent
__vbaNextEachVar
__vbaFreeObjList
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord519
__vbaI4Sgn
__vbaCopyBytes
__vbaStrCat
__vbaVarTextTstEq
ord553
__vbaLsetFixstr
__vbaBoolErrVar
ord660
ord661
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
__vbaLenBstrB
ord556
ord665
__vbaLenVar
ord558
_adj_fdiv_m32
ord667
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaVarIndexLoadRefLock
ord591
ord669
ord592
__vbaForEachCollObj
__vbaBoolStr
__vbaVarForInit
ord593
__vbaExitProc
ord301
__vbaStrLike
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord599
__vbaStrFixstr
__vbaForEachCollVar
__vbaBoolVar
ord307
ord521
__vbaStrTextCmp
__vbaRefVarAry
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
VarPtr
ord709
__vbaErase
ord631
__vbaVargVarMove
__vbaNextEachCollObj
__vbaVarCmpGt
__vbaVarZero
ord525
__vbaChkstk
__vbaCyVar
ord526
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
ord527
ord528
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaGet4
__vbaVarTstEq
__vbaAryConstruct2
__vbaPutOwner4
__vbaStrTextLike
__vbaCyI4
ord560
ord561
__vbaVarLikeVar
__vbaNextEachCollVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
ord710
__vbaStr2Vec
__vbaExceptHandler
ord711
__vbaStrToUnicode
__vbaPrintFile
ord712
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
__vbaGosub
ord608
ord531
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaGetOwner4
__vbaVarCat
ord534
__vbaCheckType
__vbaDateVar
ord535
__vbaI2Var
ord536
ord644
ord537
ord538
ord645
_CIlog
ord539
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
ord648
__vbaCyMulI2
__vbaVarTextLikeVar
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
ord681
__vbaVarNot
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord685
ord100
__vbaI4Var
__vbaForEachAry
__vbaVarCmpEq
ord689
ord610
__vbaInStrB
__vbaAryLock
__vbaVarAdd
ord320
__vbaStrComp
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaAryVarVarg
__vbaFpI2
__vbaVarLateMemCallLd
ord616
__vbaVarCopy
__vbaFpI4
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaCastObj
ord618
__vbaI4Cy
__vbaForEachVar
ord619
__vbaStrVarCopy
ord542
ord543
ord650
_allmul
ord544
__vbaLateIdSt
ord652
ord545
__vbaAryRecCopy
_CItan
ord546
ord547
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
ord580
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
__vbaRecAssign
ord581

Sections

.text
Size: - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 400KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TrashRegX64.exe
.exe windows:4 windows x86 arch:x86

f0b564eb7de6cdd212d965252f6e2279

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

ExcludeClipRect

oleaut32

SysAllocStringLen

advapi32

RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegDeleteValueW
RegQueryValueExA

kernel32

DeleteFileW
SetEnvironmentVariableA
GetCurrentProcess
RtlMoveMemory
SetFileAttributesA
FreeLibrary
ExpandEnvironmentStringsA
lstrlenW
GetEnvironmentVariableA
OutputDebugStringA
DeleteFileA
WriteFile
VirtualProtect
ExitProcess

user32

SetWindowPos
LoadImageA
GetWindowRect
GetMenuItemCount
MoveWindow
DestroyWindow
ReleaseDC
IsWindowVisible
ShowWindow
GetSystemMetrics
SetRect
GetWindow
GetWindowDC
GetClientRect

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarTstGt
__vbaVarSub
ord690
__vbaStrI2
__vbaNextEachAry
ord691
_CIcos
_adj_fptan
ord692
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLineInputStr
__vbaGosubReturn
__vbaLenBstr
__vbaStrVarMove
ord696
__vbaPut3
ord697
__vbaFreeVarList
_adj_fdiv_m64
ord698
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaRaiseEvent
__vbaNextEachVar
__vbaFreeObjList
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord519
__vbaI4Sgn
__vbaCopyBytes
__vbaStrCat
__vbaVarTextTstEq
ord553
__vbaLsetFixstr
__vbaBoolErrVar
ord660
ord661
__vbaSetSystemError
__vbaRecDestruct
__vbaHresultCheckObj
__vbaLenBstrB
ord556
ord665
__vbaLenVar
ord558
_adj_fdiv_m32
ord667
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaVarIndexLoadRefLock
ord591
ord669
ord592
__vbaForEachCollObj
__vbaBoolStr
__vbaVarForInit
ord593
__vbaExitProc
ord301
__vbaStrLike
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
ord599
__vbaStrFixstr
__vbaForEachCollVar
__vbaBoolVar
ord307
ord521
__vbaStrTextCmp
__vbaRefVarAry
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
VarPtr
ord709
__vbaErase
ord631
__vbaVargVarMove
__vbaNextEachCollObj
__vbaVarCmpGt
__vbaVarZero
ord525
__vbaChkstk
__vbaCyVar
ord526
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
ord527
ord528
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaGet4
__vbaVarTstEq
__vbaAryConstruct2
__vbaPutOwner4
__vbaStrTextLike
__vbaCyI4
ord560
ord561
__vbaVarLikeVar
__vbaNextEachCollVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
ord710
__vbaStr2Vec
__vbaExceptHandler
ord711
__vbaStrToUnicode
__vbaPrintFile
ord712
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
__vbaGosub
ord608
ord531
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaGetOwner4
__vbaVarCat
ord534
__vbaCheckType
__vbaDateVar
ord535
__vbaI2Var
ord536
ord644
ord537
ord538
ord645
_CIlog
ord539
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
ord648
__vbaCyMulI2
__vbaVarTextLikeVar
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
ord681
__vbaVarNot
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord685
ord100
__vbaI4Var
__vbaForEachAry
__vbaVarCmpEq
ord689
ord610
__vbaInStrB
__vbaAryLock
__vbaVarAdd
ord320
__vbaStrComp
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaAryVarVarg
__vbaFpI2
__vbaVarLateMemCallLd
ord616
__vbaVarCopy
__vbaFpI4
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaCastObj
ord618
__vbaI4Cy
__vbaForEachVar
ord619
__vbaStrVarCopy
ord542
ord543
ord650
_allmul
ord544
__vbaLateIdSt
ord652
ord545
__vbaAryRecCopy
_CItan
ord546
ord547
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
ord580
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
__vbaRecAssign
ord581

Sections

.text
Size: - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 400KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rtkf_uninst.exe
.exe windows:4 windows x86 arch:x86

4f67aeda01a0484282e8c59006b0b352

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetFileAttributesA
SetFileAttributesA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
GetCurrentProcess
GetFullPathNameA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
lstrcpynA
SetErrorMode
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f67aeda01a0484282e8c59006b0b352

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 4KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 851B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 608B

f0b564eb7de6cdd212d965252f6e2279

Headers

File Characteristics

Imports

gdi32

oleaut32

advapi32

kernel32

user32

msvbvm60

Sections

.text Size: - Virtual size: 605KB

.data Size: - Virtual size: 17KB

.rsrc Size: 24KB - Virtual size: 119KB

.UPX0 Size: - Virtual size: 129KB

.UPX1 Size: 400KB - Virtual size: 397KB

f0b564eb7de6cdd212d965252f6e2279

Headers

File Characteristics

Imports

gdi32

oleaut32

advapi32

kernel32

user32

msvbvm60

Sections

.text Size: - Virtual size: 605KB

.data Size: - Virtual size: 17KB

.rsrc Size: 24KB - Virtual size: 119KB

.UPX0 Size: - Virtual size: 129KB

.UPX1 Size: 400KB - Virtual size: 397KB

4f67aeda01a0484282e8c59006b0b352

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 608B

.text
Size: - Virtual size: 605KB

.data
Size: - Virtual size: 17KB

.rsrc
Size: 24KB - Virtual size: 119KB

.UPX0
Size: - Virtual size: 129KB

.UPX1
Size: 400KB - Virtual size: 397KB

.text
Size: - Virtual size: 605KB

.data
Size: - Virtual size: 17KB

.rsrc
Size: 24KB - Virtual size: 119KB

.UPX0
Size: - Virtual size: 129KB

.UPX1
Size: 400KB - Virtual size: 397KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 608B