6da18413f34c0348cc26ec3ade6515223aba6ac2a87f9414e056aad54334ff60

Sharing

Copy URL

Twitter E-mail

General

Target

6da18413f34c0348cc26ec3ade6515223aba6ac2a87f9414e056aad54334ff60
Size

1.9MB
MD5

1c15235bb6e7ead2d1958af888adbd64
SHA1

7a6dc724763169467e81225a6ddb56a41a82854c
SHA256

6da18413f34c0348cc26ec3ade6515223aba6ac2a87f9414e056aad54334ff60
SHA512

1bd9774e82bb352868d276c7d6d59ee8bb79df2491226307873750c37067e67ccb768447322910865125964976f991ab9583cd419389ee7114b5ba7414d8cbc3
SSDEEP

12288:GbPjxk4nd9cPZ4mPF7Wg8XYcDpvHRqRNl3JYGJ0gSq:GbbO4nXW4mPF7Wg8HDVxk+GJ0vq

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
6da18413f34c0348cc26ec3ade6515223aba6ac2a87f9414e056aad54334ff60
unpack001/$PLUGINSDIR/InstallOptionsEx.dll
unpack001/$PLUGINSDIR/SkinnedControls.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/nsisFirewall.dll
unpack001/$PLUGINSDIR/registry.dll
unpack001/$TEMP/$_7_

Files

6da18413f34c0348cc26ec3ade6515223aba6ac2a87f9414e056aad54334ff60
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BtmImg.bmp
$PLUGINSDIR/ButtonImg.bmp
$PLUGINSDIR/Header.bmp
$PLUGINSDIR/InstallOptionsEx.dll
.dll windows:5 windows x86 arch:x86

284d139f489ef5d980b7efc06948888b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy

shlwapi

PathFindExtensionW
PathFileExistsW

kernel32

GlobalUnlock
GetCurrentDirectoryW
GlobalFree
SetCurrentDirectoryW
lstrcmpiW
lstrcatW
CloseHandle
GetSystemTime
lstrcpyW
WideCharToMultiByte
HeapSize
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetProcessHeap
LoadLibraryA
HeapReAlloc
VirtualAlloc
HeapAlloc
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
ExitProcess
Sleep
InterlockedDecrement
WritePrivateProfileStringW
lstrlenW
MultiByteToWideChar
lstrcmpW
CreateFileW
ReadFile
MulDiv
GetTimeFormatW
lstrcpynW
LoadLibraryW
GlobalAlloc
WriteFile
GetPrivateProfileStringW
GetTickCount
GetModuleHandleW
GlobalLock
SetErrorMode
SetEndOfFile
SetFilePointer
FindFirstFileW
GetFileSize
GetDateFormatW
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
HeapFree
GetConsoleMode
GetConsoleCP
DeleteCriticalSection
GetStartupInfoA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetLastError
SetHandleCount
GetStdHandle
GetFileType

user32

GetDC
DestroyWindow
SetCursor
GetWindowTextLengthW
SetWindowRgn
GetSystemMenu
SetTimer
ScreenToClient
GetWindowRect
MapDialogRect
GetMessageW
CharNextW
LoadImageW
PostMessageW
DrawTextW
KillTimer
GetKeyState
CopyImage
LoadCursorW
DispatchMessageW
GetClientRect
wsprintfW
GetIconInfo
IsWindowEnabled
DrawFocusRect
TranslateMessage
IsDialogMessageW
GetWindowLongW
GetWindowTextW
ReleaseDC
EnableMenuItem
GetDlgItem
SetWindowLongW
DestroyCursor
GetSysColor
SetWindowPos
GetCursorPos
ShowWindow
CreateDialogParamW
CreateWindowExW
MessageBoxW
SendMessageW
MapWindowPoints
UpdateWindow
EnableWindow
GetDlgCtrlID
SetWindowTextW
DestroyIcon
CallWindowProcW

gdi32

PatBlt
SetTextColor
GetBkMode
CreateFontIndirectW
GetDeviceCaps
GetDIBits
SetBkColor
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CombineRgn
CreateBrushIndirect
GetBkColor
GetObjectW
CreateRectRgn
GetTextColor
CreateSolidBrush

comdlg32

CommDlgExtendedError
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW

shell32

SHGetDesktopFolder
SHBrowseForFolderW
ExtractIconExW
SHGetPathFromIDListW
ShellExecuteW

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

Exports

Exports

dialog
initDialog
make_unicode
setFocus
show
skipValidation

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LeftImg.bmp
$PLUGINSDIR/PageBG.bmp
$PLUGINSDIR/ScrollBarImg.bmp
$PLUGINSDIR/SkinnedControls.dll
.dll windows:5 windows x86 arch:x86

d83ee4de1171f71ee9c91548d46a497d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualQuery
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
IsValidCodePage
GetOEMCP
LoadLibraryA
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
Sleep
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsSetValue
TlsGetValue
GetModuleHandleW
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetProcAddress
GetCurrentProcess
FlushInstructionCache
VirtualProtect
SetLastError
MulDiv
HeapAlloc
GetModuleHandleA
GetProcessHeap
HeapFree
GetVersion
GetVersionExW
LocalFree
lstrcmpiW
GetLastError
lstrlenW
lstrcmpW
GetFileAttributesW
FormatMessageW
lstrcpyW
GlobalFree
MultiByteToWideChar
lstrcpynW
WideCharToMultiByte
GetACP
GlobalAlloc

user32

IsWindowVisible
SetCursor
ScreenToClient
GetMessagePos
ReleaseCapture
KillTimer
SetCapture
SetTimer
PtInRect
CallWindowProcA
MapWindowPoints
CopyRect
ReleaseDC
GetWindowDC
WindowFromDC
InflateRect
FrameRect
OffsetRect
GetWindowRect
DrawEdge
GetSysColorBrush
GetSystemMetrics
SetRect
DrawFrameControl
GetSysColor
GetClientRect
SetPropA
CreateWindowExA
RemovePropA
GetWindowLongA
SetWindowLongA
SendMessageA
SetWindowPos
GetPropA
ShowScrollBar
SetScrollRange
SetScrollPos
SetScrollInfo
GetScrollRange
GetScrollPos
GetScrollInfo
EnableScrollBar
FillRect
LoadImageW
PostMessageW
DrawTextW
GetParent
GetClassLongW
SetPropW
InvalidateRect
GetWindowLongW
GetClassNameW
GetDlgItem
SetWindowLongW
EnumChildWindows
ShowWindow
FindWindowExW
MessageBoxW
GetDlgItemTextW
UpdateWindow
GetPropW
CallWindowProcW
wsprintfW
GetCursorPos

gdi32

ExtTextOutA
SetBrushOrgEx
PatBlt
CreateBitmap
UnrealizeObject
CreateCompatibleBitmap
SetBkColor
CreateSolidBrush
BitBlt
SetTextColor
DeleteDC
StretchBlt
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
GetObjectW
SetStretchBltMode
GetPixel
GetStockObject
GetObjectA
PlayEnhMetaFile
SetWindowOrgEx
SelectClipRgn
IntersectClipRect
CreatePatternBrush

Exports

Exports

setskin
skinit
unskinit

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

wsprintfW
CharNextExA
SendMessageW
FindWindowExW
CharNextW
CharPrevW

kernel32

CreatePipe
DeleteFileW
lstrcmpiW
GetCommandLineW
ExitProcess
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreateFileMappingW
GetVersion
GetCurrentProcess
lstrcpynW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileW
CopyFileW
GetTempFileNameW
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisFirewall.dll
.dll windows:4 windows x86 arch:x86

18ecfc7436b69f8c13ec22664f9f1857

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
InterlockedDecrement
LocalFree

user32

wsprintfW

ole32

OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

GetErrorInfo
SysFreeString
SysAllocString

msvcrt

free
_adjust_fdiv
malloc
_initterm
_CxxThrowException
??2@YAPAXI@Z
??3@YAXPAX@Z
??1type_info@@UAE@XZ
__CxxFrameHandler

Exports

Exports

AddAuthorizedApplication
RemoveAuthorizedApplication

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/registry.dll
.dll windows:4 windows x86 arch:x86

421a02aae559045e04759aae146087eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateProcessA
CreateProcessW
GlobalAlloc
SearchPathA
SearchPathW
GetFileAttributesA
GetFileAttributesW
CreateFileA
CreateFileW
WriteFile
WideCharToMultiByte
GetWindowsDirectoryW
lstrlenA
lstrlenW
MultiByteToWideChar
GlobalFree

user32

FindWindowExA
SetWindowTextA
SetWindowTextW
MessageBoxW
GetDlgItem

advapi32

RegQueryValueExA
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
RegCreateKeyExA
RegCreateKeyExW
RegEnumValueA
RegEnumValueW
RegEnumKeyExA
RegEnumKeyExW
RegCloseKey
RegSetValueExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegSetValueExW

Exports

Exports

_Close
_CopyKey
_CopyValue
_CreateKey
_DeleteKey
_DeleteKeyEmpty
_DeleteValue
_Find
_HexToStrA
_HexToStrW
_KeyExists
_MoveKey
_MoveValue
_Open
_Read
_ReadExtra
_RestoreKey
_SaveKey
_StrToHexA
_StrToHexW
_Unload
_Write
_WriteExtra

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_7_
.exe windows:5 windows x86 arch:x86

cdac6fb8ebaffa1184f8cfda4c5f5811

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\hhgyu\Documents\Visual Studio 2013\Projects\Broadcast\Release\Broadcast.pdb

Imports

kernel32

HeapAlloc
HeapFree
ReadProcessMemory
GetCurrentProcessId
TerminateProcess
DuplicateHandle
GetExitCodeProcess
CreateRemoteThread
SetLastError
MultiByteToWideChar
HeapDestroy
HeapSize
HeapReAlloc
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
HeapCreate
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetProcessHeap
ReadFile
SetHandleInformation
CreatePipe
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
OutputDebugStringW
GetStringTypeW
LCMapStringW
OpenProcess
GetCurrentProcess
SetEvent
CloseHandle
GetLastError
WriteFile
CreateFileW
DeleteFileW
GetTempFileNameW
GetTempPathW
WaitForSingleObject
CreateEventW
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
WriteConsoleW
SetFilePointerEx
SetStdHandle
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
EncodePointer
GetFullPathNameW
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
IsProcessorFeaturePresent
GetCommandLineW
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetTickCount
CreateSemaphoreW
CreateThread
ExitThread
LoadLibraryExW
CreateTimerQueue
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetDriveTypeW
GetCurrentDirectoryW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStdHandle
GetModuleFileNameW
FreeLibrary
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
LoadLibraryW

user32

GetWindowTextW
GetWindowThreadProcessId
GetForegroundWindow
EnumWindows
PostMessageW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

SHGetFolderPathW

shlwapi

PathAppendW
PathFileExistsW

psapi

GetModuleBaseNameW
EnumProcessModules
GetProcessImageFileNameW
GetModuleFileNameExW

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56a78d55f3f7af51443e58e0ce2fb5f6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 172KB

.ndata Size: - Virtual size: 88KB

.rsrc Size: 46KB - Virtual size: 46KB

284d139f489ef5d980b7efc06948888b

Headers

File Characteristics

Imports

comctl32

shlwapi

kernel32

user32

gdi32

comdlg32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 85KB - Virtual size: 85KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 1024B - Virtual size: 564B

.reloc Size: 7KB - Virtual size: 7KB

d83ee4de1171f71ee9c91548d46a497d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 8KB - Virtual size: 7KB

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 172KB

.ndata
Size: - Virtual size: 88KB

.rsrc
Size: 46KB - Virtual size: 46KB

.text
Size: 85KB - Virtual size: 85KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 564B

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 420B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 324B

.reloc
Size: 1024B - Virtual size: 546B

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 322KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 183KB - Virtual size: 182KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 11KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB