3f0d1a3f474f03f5334e1800b308830eaa302b37d08fd5390176204f49ceae93

Sharing

Copy URL

Twitter E-mail

General

Target

3f0d1a3f474f03f5334e1800b308830eaa302b37d08fd5390176204f49ceae93
Size

1.1MB
MD5

c79b33f2c6d15af48a485350904f02dd
SHA1

a2ed08e7648642ab7b4e0ae88438c87259023a55
SHA256

3f0d1a3f474f03f5334e1800b308830eaa302b37d08fd5390176204f49ceae93
SHA512

5dd4b95511cecb473dc5badd6f094241e43ea269596f0c5fda67c7a971e36a4de4c3bbb46effd53087f2031211bae171e6f7fbf82c41329cf14e1f020023d211
SSDEEP

24576:OrSfsyCVp2xfwfOBT4T35Zl66PAaEbV3iCJXgoPchq4K4TIIcz:Jfs/cw2BT8rl3AagFaIIcz

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/15540D149889539308135FA12BEDBCBF
unpack001/1D34D800AA3320DC17A5786F8EEC16EE
unpack001/301210D5557D9BA34F401D3EF7A7276F
unpack001/60C01A897DD8D60D3FEA002ED3A4B764
unpack001/67E4F5301851646B10A95F65A0B3BACB
unpack001/8953398DE47344E9C2727565AF8D6F31
unpack001/D883DC7ACC192019F220409EE2CADD64
unpack001/DF5A394AD60512767D375647DBB82994
unpack001/F1E546FE9D51DC96EB766EC61269EDFB
unpack001/F77DB63CBED98391027F2525C14E161F

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/15540D149889539308135FA12BEDBCBF	nsis_installer_2

Files

3f0d1a3f474f03f5334e1800b308830eaa302b37d08fd5390176204f49ceae93
.zip

Password: infected
15540D149889539308135FA12BEDBCBF
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1D34D800AA3320DC17A5786F8EEC16EE
.exe windows:5 windows x86 arch:x86

4da701aa7d3d380af994571d5c5b8ed3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
GetTempFileNameA
LeaveCriticalSection
SystemTimeToFileTime
GetCurrentDirectoryA
CopyFileExW
WaitForMultipleObjects
LocalFileTimeToFileTime
SetEvent
CopyFileA
CreateEventW
FlushFileBuffers
GetSystemTime
MoveFileA
ConnectNamedPipe
GetExitCodeProcess
GetShortPathNameW
SetFilePointerEx
GetThreadTimes
GetEnvironmentVariableA
SetFileTime
GetProcessHeap
EnumResourceTypesA
GetDateFormatW
SetEnvironmentVariableA
GlobalFindAtomA
FormatMessageA
OpenEventA
IsValidLanguageGroup
UnregisterWaitEx
WriteFile
ConsoleMenuControl
GetCurrentProcessId
SetFileAttributesA
CreateFileA
Sleep
GetFileAttributesA
LocalLock
DeleteFileA
SetEndOfFile
DeleteCriticalSection
QueryDosDeviceA
DosDateTimeToFileTime
GlobalDeleteAtom
GetDiskFreeSpaceA
GetCommandLineA
CreateProcessA
QueryPerformanceCounter
GetNumberFormatA
GetCurrentThreadId
GetDriveTypeA
CreateNamedPipeA
EnterCriticalSection
SetLastError
GetPrivateProfileIntW
GlobalGetAtomNameA
GlobalAddAtomA
GetFileSize
GetVersionExA
RaiseException
EnumSystemCodePagesW
GetCurrentProcess

comctl32

ImageList_Create
ImageList_Remove
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Draw
ImageList_Add
ImageList_Destroy
InitCommonControls

user32

DefWindowProcW
TabbedTextOutW
DispatchMessageW
SetCursor
ShowOwnedPopups
SetTimer
CharLowerBuffW
InsertMenuW
InsertMenuItemW
SetClassLongW
GetMenuItemInfoW
GetFocus
CreateWindowExW
CharNextW
ShowScrollBar

imm32

ImmGetOpenStatus
ImmGetCompositionStringW
ImmGetContext
ImmNotifyIME
ImmReleaseContext

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

ole32

CoRevokeClassObject
CoInitialize
OleDuplicateData
StgIsStorageFile
OleSetClipboard
StgOpenStorage
CoUninitialize

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
301210D5557D9BA34F401D3EF7A7276F
.exe windows:5 windows x86 arch:x86

f57f7689b7404ee7d57efafd891f26a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateMenu
DestroyMenu
GetCursor
GetWindowLongA
CheckMenuItem
BeginPaint
LoadIconA
LoadCursorA
RegisterClassExA
GetCursorPos
DeleteMenu
SetWindowTextA
PeekMessageA
EndPaint
CreateWindowExA
ShowWindow
UpdateWindow
TranslateMessage
DispatchMessageA
GetMessageA

gdi32

GetStockObject
GetROP2
Rectangle

shlwapi

AssocCreate

comctl32

ord321
ord322
ord325
ord320
ord13

kernel32

LoadLibraryA
GetModuleHandleA
GetSystemInfo
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetLocalTime
GetSystemTime
HeapAlloc
HeapCreate
InitializeCriticalSection
GlobalAlloc
DeleteCriticalSection
GetLastError
GlobalFree

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
60C01A897DD8D60D3FEA002ED3A4B764
.exe windows:5 windows x86 arch:x86

7e9c948e59abadb42d6edb29db81a83b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateMenu
DeleteMenu
CheckMenuItem
GetCursor
DestroyMenu
SetWindowTextA
LoadIconA
LoadCursorA
RegisterClassExA
GetWindowLongA
GetCursorPos
BeginPaint
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
GetMenuItemCount
EndPaint

gdi32

Rectangle
GetROP2
TextOutA
GetStockObject

oleaut32

OleSavePictureFile
VarUI8FromDec

comctl32

ord13
ord322
ord325
ord320
ord321

kernel32

GetLocalTime
LeaveCriticalSection
DeleteCriticalSection
GetLastError
GlobalAlloc
EnterCriticalSection
GlobalFree
GetSystemTime
GetCPInfo
HeapAlloc
HeapCreate
InitializeCriticalSection
GetModuleHandleA
FreeLibrary
lstrlenA
LoadLibraryA
GetSystemInfo

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
67E4F5301851646B10A95F65A0B3BACB
.exe windows:5 windows x86 arch:x86

d1b34495bbda91211af2d65db7510a90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowLongA
GetCursorPos
CreateMenu
CheckMenuItem
PeekMessageA
DeleteMenu
SetWindowTextA
DestroyMenu
GetMenuItemCount
LoadIconA
LoadCursorA
RegisterClassExA
BeginPaint
CreateWindowExA
ShowWindow
UpdateWindow
TranslateMessage
DispatchMessageA
GetMessageA
GetCursor
EndPaint

gdi32

DeleteObject
GetStockObject
Rectangle
CreateBitmap
GetROP2

ole32

CoInitialize
CreateBindCtx
IIDFromString

lz32

LZInit

kernel32

GetCPInfo
FreeLibrary
GetSystemTime
GetModuleHandleA
GetSystemInfo
LoadLibraryA
EnterCriticalSection
GlobalAlloc
LeaveCriticalSection
DeleteCriticalSection
GlobalFree
GetLastError
GetLocalTime
HeapAlloc
HeapCreate
InitializeCriticalSection

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
8953398DE47344E9C2727565AF8D6F31
.exe windows:5 windows x86 arch:x86

bbbfcf7591eddbce348a482f402ec576

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateMenu
DestroyMenu
GetWindowLongA
PeekMessageA
DispatchMessageA
TranslateMessage
DeleteMenu
GetCursor
GetMenuItemCount
CheckMenuItem
LoadIconA
LoadCursorA
RegisterClassExA
GetCursorPos
SetWindowTextA
BeginPaint
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
EndPaint

gdi32

Rectangle
GetStockObject
DeleteObject
CreateBitmap
GetROP2

ole32

CoInitialize
CreateBindCtx
IIDFromString

lz32

LZInit

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetSystemInfo
GetCPInfo
LoadLibraryA
GetLastError
FreeLibrary
GlobalAlloc
GlobalFree
GetLocalTime
GetSystemTime
HeapAlloc
HeapCreate
GetModuleHandleA

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
D883DC7ACC192019F220409EE2CADD64
.exe windows:5 windows x86 arch:x86

5bbd12e0b65d04ec039ff26207d694c8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFindAtomW
GetComputerNameW
GetVersionExA
InterlockedExchangeAdd
GetComputerNameA
WriteFile
lstrcpynA
lstrcmpiA
SetEvent
GetCurrentThreadId
IsValidLocale
lstrlenA
CreateMutexA
GetPriorityClass
GetCommandLineA
CreateProcessA
_lopen
GetSystemDirectoryA
GlobalUnlock
GetFileAttributesA
LoadLibraryExA
GetShortPathNameA
_llseek
GetTickCount
LocalFree
lstrcpyA
GlobalAlloc
FatalAppExitA
SetFileTime
CreateFileA
SetFileAttributesA
IsDBCSLeadByte
SetPriorityClass
lstrcatA
GetCurrentProcess
CreateEventA
FormatMessageA
CreateDirectoryA
SetCurrentDirectoryA
SetThreadAffinityMask
LoadResource
GetWindowsDirectoryA
FindResourceA
QueryDosDeviceA
GlobalFree
_lclose
GetTempFileNameA
GetTempPathA
GetDiskFreeSpaceA
LocalAlloc
ExitProcess
GetAtomNameW
IsBadCodePtr
FreeLibrary
lstrcmpA
ReadFile
GlobalLock
GetCurrentProcessId
GetProcAddress
ResetEvent
GetCurrentDirectoryA
GetSystemInfo
GetDriveTypeA
GetVolumeInformationA
FreeResource
LockResource
SizeofResource
ConnectNamedPipe
GetModuleFileNameA
RemoveDirectoryA
GetLastError
MulDiv
RaiseException
SetFilePointer
DeleteFileA

advapi32

RegSetValueExA
EqualSid
GetTokenInformation
RegCloseKey
RegQueryInfoKeyA
AdjustTokenPrivileges
RegDeleteValueA
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
OpenProcessToken

user32

CharPrevA
MessageBoxA
MessageBeep
CallWindowProcA
SendMessageA
ShowWindow
wsprintfA
EnableWindow
GetDlgItem
GetWindowRect
SetWindowLongA
SetWindowPos
GetDlgItemTextA
LoadStringA
CharNextA
GetWindowLongA
GetSystemMetrics
CharUpperA
PeekMessageA
SetWindowTextA
EndDialog
GetDesktopWindow
SetDlgItemTextA
DispatchMessageA
ExitWindowsEx

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

comctl32

ImageList_Draw
ImageList_Create
InitCommonControls
ImageList_SetBkColor

winmm

waveInOpen
waveOutClose
waveOutGetDevCapsA
waveInGetDevCapsA
waveInClose
mmioRead
waveInGetNumDevs
waveOutOpen
PlaySoundA
waveOutGetNumDevs

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DF5A394AD60512767D375647DBB82994
.exe windows:5 windows x86 arch:x86

aadc38b05c294e8fe3ea44ba8570d2b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetCursor
DeleteMenu
GetMenuItemCount
LoadIconA
LoadCursorA
RegisterClassExA
CreateMenu
GetCursorPos
GetWindowLongA
CheckMenuItem
PeekMessageA
SetWindowTextA
DestroyMenu
BeginPaint
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
EndPaint

gdi32

TextOutA
GetStockObject
DeleteObject
CreateBitmap
GetROP2
Rectangle

oleaut32

VarUI8FromDec
OleSavePictureFile

comctl32

ord321
ord13
ord320
ord325
ord322

kernel32

GetLastError
GlobalAlloc
GetModuleHandleA
lstrlenA
GlobalFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FreeLibrary
GetCPInfo
LoadLibraryA
GetSystemTime
GetLocalTime
HeapAlloc
HeapCreate
GetSystemInfo

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
F1E546FE9D51DC96EB766EC61269EDFB
.exe windows:5 windows x86 arch:x86

93ff054b805e17efd7f7ae1730680391

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

InitCommonControlsEx
ord17

shlwapi

SHAutoComplete

kernel32

DeleteFileW
DeleteFileA
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
GlobalAlloc
GetVersionExW
GetFullPathNameA
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetLocaleInfoW
GetNumberFormatW
DosDateTimeToFileTime
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
WaitForSingleObject
Sleep
GetTempPathW
MoveFileExW
UnmapViewOfFile
GetCommandLineW
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
SetEnvironmentVariableW
GetProcAddress
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
GetCPInfo
SetCurrentDirectoryW
GetCurrentDirectoryW
LoadLibraryW
FreeLibrary
SetFileAttributesW
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
GetStdHandle
SetLastError
ReadFile
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
MoveFileW
SetFileTime
GetCurrentProcess
CloseHandle
GetLastError
GetDateFormatW

user32

wvsprintfW
ReleaseDC
GetDC
SendMessageW
SetDlgItemTextW
SetFocus
EndDialog
DestroyIcon
SendDlgItemMessageW
GetDlgItemTextW
GetClassNameW
DialogBoxParamW
IsWindowVisible
WaitForInputIdle
SetForegroundWindow
GetSysColor
PostMessageW
LoadBitmapW
LoadIconW
CharToOemA
OemToCharA
FindWindowExW
wvsprintfA
GetParent
MapWindowPoints
CreateWindowExW
UpdateWindow
SetWindowTextW
LoadCursorW
RegisterClassExW
SetWindowLongW
GetWindowLongW
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
GetClientRect
IsWindow
CharToOemBuffW
MessageBoxW
ShowWindow
GetDlgItem
EnableWindow
OemToCharBuffA
CharUpperA
CharToOemBuffA
LoadStringW
SetWindowPos
GetWindowTextW
GetSystemMetrics
GetWindow
CharUpperW
GetWindowRect
CopyRect

gdi32

GetDeviceCaps
GetObjectW
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

advapi32

RegOpenKeyExW
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
SetFileSecurityA
AdjustTokenPrivileges

shell32

SHChangeNotify
ShellExecuteExW
SHFileOperationW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
OleUninitialize
CLSIDFromString

oleaut32

VariantInit

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
F77DB63CBED98391027F2525C14E161F
.exe windows:5 windows x86 arch:x86

e31893982dd4fe8dee34c5c98156c12e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DeleteMenu
GetCursorPos
CreateMenu
DestroyMenu
GetWindowLongA
PeekMessageA
GetCursor
BeginPaint
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
SetWindowTextA
GetMenuItemCount
CheckMenuItem
EndPaint

gdi32

TextOutA
GetROP2
Rectangle
CreateBitmap
GetStockObject
DeleteObject

oleaut32

VarUI8FromDec
OleSavePictureFile

comctl32

ord321
ord322
ord320
ord13
ord325

kernel32

GetModuleHandleA
GlobalAlloc
GetSystemInfo
GetSystemTime
GlobalFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLocalTime
GetLastError
FreeLibrary
GetCPInfo
LoadLibraryA
HeapAlloc
HeapCreate
lstrlenA

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 15KB - Virtual size: 14KB

4da701aa7d3d380af994571d5c5b8ed3

Headers

File Characteristics

Imports

kernel32

comctl32

user32

imm32

rpcrt4

ole32

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 7KB - Virtual size: 9KB

.rsrc Size: 5KB - Virtual size: 5KB

.rdata Size: 38KB - Virtual size: 59KB

f57f7689b7404ee7d57efafd891f26a9

Headers

File Characteristics

Imports

user32

gdi32

shlwapi

comctl32

kernel32

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 6KB - Virtual size: 89KB

7e9c948e59abadb42d6edb29db81a83b

Headers

File Characteristics

Imports

user32

gdi32

oleaut32

comctl32

kernel32

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 5KB - Virtual size: 89KB

d1b34495bbda91211af2d65db7510a90

Headers

File Characteristics

Imports

user32

gdi32

ole32

lz32

kernel32

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 85KB

bbbfcf7591eddbce348a482f402ec576

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 15KB - Virtual size: 14KB

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 7KB - Virtual size: 9KB

.rsrc
Size: 5KB - Virtual size: 5KB

.rdata
Size: 38KB - Virtual size: 59KB

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 6KB - Virtual size: 89KB

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 5KB - Virtual size: 89KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 85KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 85KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 6KB - Virtual size: 9KB

.rsrc
Size: 5KB - Virtual size: 5KB

.rdata
Size: 38KB - Virtual size: 47KB

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 6KB - Virtual size: 89KB

.text
Size: 70KB - Virtual size: 69KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 63KB

.CRT
Size: 512B - Virtual size: 16B

.rsrc
Size: 16KB - Virtual size: 16KB