f0bf891a50029dd9b54935449a3f7e9df25fb318d2ba4ae09446702856d52065

Sharing

Copy URL Twitter E-mail

General

Target

f0bf891a50029dd9b54935449a3f7e9df25fb318d2ba4ae09446702856d52065
Size

1.7MB
MD5

08afe34ed8282a9e90cc3669d2925d4b
SHA1

58e1b6e37e55d7d08f657109572a22796ef53403
SHA256

f0bf891a50029dd9b54935449a3f7e9df25fb318d2ba4ae09446702856d52065
SHA512

6ba2fc15d1820e13b5f14a248588be903dedb56fd18f1de3e96be97da58f309d4378976a109311c5c34fd2b7f721c9d2325ef6cfd3724b5925689f9b448f6aec
SSDEEP

24576:vTmedTuEFfMrKf6EQg4qqfbT2T+wrTjSiY2frN/JkRVXmPjgMo3TEZ4TqIMNpyW:vTmeAEFfDf6EQgY/2qE7rR0V28MozToR

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
f0bf891a50029dd9b54935449a3f7e9df25fb318d2ba4ae09446702856d52065
unpack001/$PLUGINSDIR/LogEx.dll
unpack001/$PLUGINSDIR/StdUtils.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/$PLUGINSDIR/nsisdui.dll

Files

f0bf891a50029dd9b54935449a3f7e9df25fb318d2ba4ae09446702856d52065
.exe windows:4 windows x86 arch:x86

6e7f9a29f2c85394521a08b9f31f6275

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BG_install_uninstall.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/Close.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/Close_select.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/LogEx.dll
.dll windows:4 windows x86 arch:x86

549d7b44067bbcdf42bf6a90a80a3a9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
CreateFileW
CloseHandle
GlobalFree
GlobalAlloc
VirtualFree
ReadFile
VirtualAlloc
GetFileSize
lstrcpyW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
InterlockedDecrement
InterlockedIncrement

user32

FindWindowExW
GetDlgItem
SendMessageW
SetWindowTextW

Exports

Exports

AddFile
Close
Init
Write

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Select.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/Setup.ico
$PLUGINSDIR/StdUtils.dll
.dll windows:5 windows x86 arch:x86

c1155e0022a74f30ab224000138678e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\luobo1\windows_tools\Release\StdUtils.pdb

Imports

kernel32

GetVersionExW
GetLastError
RaiseException
FatalAppExitW
GetProcAddress
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW
ReadFile
GetFileSizeEx
WriteFile
CreateFileW
CloseHandle
SetFilePointerEx
GetFileAttributesW
OutputDebugStringW
LoadLibraryW
FreeLibrary
GetCommandLineW
GetFullPathNameW
LocalFree
WaitForSingleObject
TerminateThread
OutputDebugStringA
InitializeCriticalSection
GetCurrentThreadId
DeleteCriticalSection
GetCurrentProcessId
SystemTimeToFileTime
GetSystemTime
SetUnhandledExceptionFilter
GetExitCodeProcess
InterlockedExchange
InterlockedDecrement
HeapValidate
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
GetConsoleCP
FlushFileBuffers
GetConsoleMode
HeapReAlloc
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindNextFileA
FindFirstFileExA
TerminateProcess
GetCurrentProcess
GetTickCount
Sleep
FindClose
GetProcessHeap
GetOEMCP
IsValidCodePage
GetCPInfo
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
DecodePointer
GetFileType
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
GetStdHandle
GetStringTypeW
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
EncodePointer
InterlockedFlushSList
SetLastError
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetACP
HeapSize
ExitProcess
GetModuleFileNameA
HeapFree
HeapAlloc

user32

DispatchMessageW
MessageBoxW
PeekMessageW
MsgWaitForMultipleObjects
LoadStringW
DestroyWindow
CreateWindowExW
UnregisterClassW
SetTimer
RegisterClassW
KillTimer
MessageBoxA
wsprintfW
PostThreadMessageW
GetWindowThreadProcessId
AllowSetForegroundWindow

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHFileOperationW
ShellExecuteW
ord190
ShellExecuteExW
ord155

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
VariantInit
SysFreeString

crypt32

CryptUnprotectData
CryptProtectData

shlwapi

ord176

dbghelp

MiniDumpWriteDump

Exports

Exports

AppendToFile
ExecShellAsUser
ExecShellWaitEx
FormatStr
FormatStr2
FormatStr3
GetAllParameters
GetDays
GetDirectoryPart
GetDrivePart
GetExtensionPart
GetFileNamePart
GetHours
GetLibVersion
GetMinutes
GetOsEdition
GetOsReleaseId
GetOsReleaseName
GetParameter
GetParentPath
GetRealOsBuildNo
GetRealOsName
GetRealOsVersion
HashFile
HashText
InvokeShellVerb
NormalizePath
ParameterCnt
ParameterStr
ProtectStr
Rand
RandBytes
RandList
RandMax
RandMinMax
RevStr
SHFileCopy
SHFileMove
ScanStr
ScanStr2
ScanStr3
SetVerboseMode
SplitPath
StrFromUtf8
StrToUtf8
TestParameter
Time
TimerCreate
TimerDestroy
TrimStr
TrimStrLeft
TrimStrRight
UnprotectStr
ValidDomainName
ValidFileName
ValidPathSpec
VerifyRealOsBuildNo
VerifyRealOsVersion
WaitForProcEx

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UnSetup.ico
$PLUGINSDIR/Unselect.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/frame_shadow.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/guanbi_hover.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/guanbi_normal.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/guanbi_press.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/icon_custom_expand.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/icon_custom_shouqi.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/icon_error.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/icon_folder.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/instal_img.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/instal_logo.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/msgbox.xml
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:5 windows x86 arch:x86

439074d1c01f7b16781bdf060930814a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
OpenProcess
MultiByteToWideChar
lstrlenA
lstrlenW
LoadLibraryA
lstrcmpiW
lstrcpynW
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetVersionExW
GlobalFree
GlobalAlloc

user32

GetWindowThreadProcessId
EnumWindows
wsprintfW
PostMessageW

Exports

Exports

_CloseProcess
_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 927B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisdui.dll
.dll windows:5 windows x86 arch:x86

156b37dcc0d3ed7d8b187c89abdee363

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\luobo1\115setup\Release\nsisdui.pdb

Imports

kernel32

FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
GetACP
LocalFree
GetLastError
FormatMessageW
WriteFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryW
GetFileAttributesW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLocalTime
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
EncodePointer
InterlockedFlushSList
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
lstrlenW
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
CreateFileW
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
HeapReAlloc
GetConsoleMode
ReadConsoleW
SetFilePointerEx
HeapSize
SetStdHandle
FlushFileBuffers
GetConsoleCP
WriteConsoleW
OutputDebugStringW
GetTickCount
CloseHandle
ReadFile
GetFileSize
GlobalUnlock
GlobalLock
VerifyVersionInfoW
GetModuleHandleA
LoadLibraryW
MulDiv
GetProcAddress
VerSetConditionMask
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
lstrcpynW
lstrcpyW
GlobalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentDirectoryW
GetOEMCP
GetModuleFileNameW
TlsAlloc
ExitProcess

user32

GetClassInfoExW
EnableWindow
SetWindowRgn
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
IsWindowEnabled
EqualRect
SetWindowTextW
GetWindowTextLengthW
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
UpdateLayeredWindow
ShowWindow
RegisterClassExW
DefWindowProcW
InflateRect
LoadCursorW
SetCursor
GetMonitorInfoW
LoadImageW
GetWindow
GetParent
IsRectEmpty
RegisterClassW
GetSysColor
MapWindowPoints
ScreenToClient
GetCursorPos
GetClientRect
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
SetFocus
IsZoomed
IsIconic
IsWindowVisible
DestroyWindow
CreateWindowExW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
MonitorFromPoint
ReleaseDC
GetDC
PtInRect
OffsetRect
IntersectRect
UpdateWindow
wsprintfW
GetWindowTextW
SetWindowLongW
SetPropW
CharNextW
PostQuitMessage
GetWindowRgn
IsWindow
SendMessageW
GetPropW
MessageBoxW
SetWindowPos
GetWindowRect
FindWindowExW
CallWindowProcW
GetWindowLongW
UnionRect
MoveWindow
MonitorFromWindow

ws2_32

WSAStartup
gethostname
gethostbyname

gdi32

RemoveFontMemResourceEx
CreateCompatibleBitmap
RestoreDC
SaveDC
BitBlt
AddFontMemResourceEx
Rectangle
CreateCompatibleDC
GetDeviceCaps
CreateDIBitmap
CreateFontIndirectW
CreatePen
DeleteDC
DeleteObject
SetBitmapBits
GetBitmapBits
GetTextExtentPointA
SelectObject
CloseEnhMetaFile
CreateEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRectRgn
PtInRegion
CreateDIBSection
CreateRoundRectRgn
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GetObjectA
MoveToEx
TextOutW
GdiFlush
CreatePatternBrush
GetStockObject

shell32

DragQueryFileW

ole32

DoDragDrop
OleDuplicateData
CreateStreamOnHGlobal
CoCreateInstance
ReleaseStgMedium
CLSIDFromString
CLSIDFromProgID
OleLockRunning

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

comctl32

ord17
InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipRotateWorldTransform
GdipTranslateWorldTransform
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLine
ord1
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCloneImage
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipDrawPath
GdipFillRectangleI
GdipFillPath
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipDrawImageRectI

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

Exports

Exports

AddControl
AddFont
BindDirPageEdit
CenterWindow
GetChecked
GetDPI
GetEnabled
GetText
GetVisible
InitWindow
InitXmlWindow
Install
MyGetFocus
MySetFocus
OnClick
OnMouseEnter
OnMouseLeave
OnProgress
SetAttribute
SetBkImage
SetChecked
SetDefaultAttribute
SetEnabled
SetText
SetTooltip
SetVisible
SetWindowSize
ShowMsgBox

Sections

.text
Size: 468KB - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/progress_gray.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/progress_green.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/progress_orange.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/radio_off.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/radio_on.png
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/[email protected]
.png
$PLUGINSDIR/shadow.png
.png

Sharing

General

Malware Config

Signatures

Files

6e7f9a29f2c85394521a08b9f31f6275

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 172KB

.ndata Size: - Virtual size: 196KB

.rsrc Size: 79KB - Virtual size: 79KB

549d7b44067bbcdf42bf6a90a80a3a9e

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 3KB

c1155e0022a74f30ab224000138678e8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

crypt32

shlwapi

dbghelp

Exports

Exports

Sections

.text Size: 204KB - Virtual size: 203KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 2KB - Virtual size: 6KB

.gfids Size: 512B - Virtual size: 328B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 9KB - Virtual size: 8KB

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 648B

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

File Characteristics

Imports

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 172KB

.ndata
Size: - Virtual size: 196KB

.rsrc
Size: 79KB - Virtual size: 79KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 204KB - Virtual size: 203KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 2KB - Virtual size: 6KB

.gfids
Size: 512B - Virtual size: 328B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 648B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 927B

.data
Size: - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 254B

.text
Size: 468KB - Virtual size: 468KB

.rdata
Size: 124KB - Virtual size: 124KB

.data
Size: 7KB - Virtual size: 11KB

.gfids
Size: 512B - Virtual size: 316B

.rsrc
Size: 512B - Virtual size: 504B

.reloc
Size: 31KB - Virtual size: 30KB