gbxdump[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gbxdump.zip
Size

1.9MB
MD5

fdec53ff89b0c705252511e4a127a5f5
SHA1

20e90e0e152cbded6ceec3c57e2be2fa0f849ede
SHA256

9740ddf6ead3338052161eb80a6c1853b816d11c46887bc9a0d84f6d1afae309
SHA512

a015ac14e97fc36ab1bdf97c99a60513d874d538fa7be9157338aecc9cc5164d1085df3cb7e73c7b4c3768657c2d5b4f6dd4935b1a8fb62aa6fc06b0dfce5eb0
SSDEEP

49152:uq/0r3CqJsne/yc/ggNfIqN9lzLVpMvAPh:pcrEyz/gnqN9lj

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Executable/GbxDump.exe
unpack001/Executable/GbxDump64.exe
unpack001/Setup/x64/setup.exe
unpack001/Setup/x86/setup.exe

Files

gbxdump.zip
.zip

Password: infected
Executable/GbxDump.exe
.exe windows:5 windows x86 arch:x86

Password: infected

f15b17d62e37a2fd4a18718f91f90167

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

wininet

InternetSetOptionW
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetReadFile
InternetQueryOptionW
InternetGoOnlineW

msvfw32

DrawDibOpen
DrawDibClose
DrawDibDraw

msimg32

AlphaBlend

uxtheme

SetWindowTheme
IsAppThemed

xmllite

CreateXmlReader

kernel32

LocalFree
GlobalHandle
lstrcpynA
lstrcpynW
GetShortPathNameW
GetSystemInfo
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeSListHead
RaiseException
DebugBreak
IsDebuggerPresent
OutputDebugStringA
QueryPerformanceCounter
FlushFileBuffers
GetFileSizeEx
GetConsoleOutputCP
SetFilePointerEx
LCMapStringW
CompareStringW
FormatMessageW
SetStdHandle
GetConsoleMode
HeapFree
HeapAlloc
GetModuleFileNameW
GetStdHandle
HeapQueryInformation
HeapReAlloc
HeapSize
GetFileType
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
SetLastError
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
GetFileAttributesExW
FreeLibrary
GetUserDefaultLangID
GetProcAddress
LoadLibraryW
GlobalSize
DeleteFileW
CloseHandle
GetModuleHandleW
WriteFile
CreateFileW
FileTimeToSystemTime
GlobalReAlloc
MulDiv
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
SetFilePointer
MultiByteToWideChar
IsValidCodePage
ReadFile
GetProcessHeap
WideCharToMultiByte
FindClose
FindFirstFileExW
FindNextFileW
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
WriteConsoleW
DecodePointer

user32

GetMonitorInfoW
MonitorFromRect
CopyRect
OffsetRect
GetDlgCtrlID
DrawTextW
GetWindowTextW
FillRect
SetPropW
SetRectEmpty
SetWindowPos
GetPropW
RemovePropW
SystemParametersInfoW
CallWindowProcW
PostMessageW
CreateWindowExW
MoveWindow
ScreenToClient
SetWindowTextW
MessageBoxIndirectW
TrackPopupMenu
EnableMenuItem
DestroyMenu
GetSubMenu
LoadMenuW
GetWindowRect
SetForegroundWindow
IsIconic
GetWindowLongW
SetClipboardData
EmptyClipboard
RedrawWindow
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SetFocus
GetFocus
EndDialog
SetWindowLongW
GetWindowPlacement
EndDeferWindowPos
IsWindowVisible
ShowWindow
DeferWindowPos
BeginDeferWindowPos
GetWindow
GetClientRect
GetSysColorBrush
GetSysColor
RegisterClassExW
GetSystemMetrics
LoadImageW
LoadIconW
DefDlgProcW
DialogBoxParamW
MessageBoxW
GetActiveWindow
MessageBeep
UpdateWindow
InvalidateRect
GetDlgItem
EnableWindow
ReleaseDC
GetDC
GetParent
LoadStringW
SendMessageW
GetWindowTextLengthW
LoadCursorW
SetCursor
MessageBoxA
GetKeyState
IsWindow
IsWindowEnabled
CloseClipboard
DestroyWindow

gdi32

SetBkColor
SetTextColor
CreateHalftonePalette
CreatePalette
GetDIBits
GetObjectW
CreateDIBitmap
SetICMMode
RealizePalette
SelectPalette
GetDeviceCaps
CreateSolidBrush
CreateDIBSection
Escape
CreateCompatibleBitmap
DeleteDC
SelectObject
CreateBitmap
CreatePatternBrush
PatBlt
StretchBlt
BitBlt
SetBkMode
GetTextExtentPoint32W
GetStockObject
UpdateColors
CreateFontIndirectW
GetBrushOrgEx
SetStretchBltMode
SetBrushOrgEx
StretchDIBits
CreateHatchBrush
DeleteObject
CreateCompatibleDC

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

advapi32

RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

DragFinish
DragQueryFileW
DragAcceptFiles

ole32

CreateStreamOnHGlobal

Sections

.text
Size: 502KB - Virtual size: 502KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Executable/GbxDump64.exe
.exe windows:6 windows x64 arch:x64

Password: infected

f6ee38c30ba03a367b14871ebecf4faf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

InitCommonControlsEx

wininet

InternetSetOptionW
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetReadFile
InternetQueryOptionW
InternetGoOnlineW

msvfw32

DrawDibOpen
DrawDibClose
DrawDibDraw

msimg32

AlphaBlend

uxtheme

SetWindowTheme
IsAppThemed

xmllite

CreateXmlReader

kernel32

LocalFree
GlobalHandle
lstrcpynA
lstrcpynW
GetShortPathNameW
GetSystemInfo
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeSListHead
RaiseException
DebugBreak
IsDebuggerPresent
OutputDebugStringA
QueryPerformanceCounter
SleepConditionVariableCS
WakeConditionVariable
SetThreadPriority
InitializeConditionVariable
InitializeCriticalSectionEx
WaitForSingleObjectEx
GetConsoleOutputCP
SetFilePointerEx
LCMapStringW
CompareStringW
FlsFree
FormatMessageW
FlsGetValue
FlsAlloc
SetStdHandle
GetConsoleMode
HeapFree
HeapAlloc
GetModuleFileNameW
GetStdHandle
FreeLibraryAndExitThread
ExitThread
CreateThread
HeapQueryInformation
HeapReAlloc
HeapSize
GetFileType
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
SetLastError
RtlUnwind
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
GetSystemTimeAsFileTime
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
WriteConsoleW
RtlCaptureContext
GetLastError
GetFileAttributesExW
FreeLibrary
GetUserDefaultLangID
GetProcAddress
LoadLibraryW
GlobalSize
DeleteFileW
CloseHandle
GetModuleHandleW
WriteFile
CreateFileW
FileTimeToSystemTime
GlobalReAlloc
MulDiv
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
SetFilePointer
MultiByteToWideChar
IsValidCodePage
ReadFile
GetFileSizeEx
FlushFileBuffers
GetProcessHeap
WideCharToMultiByte
FindClose
FindFirstFileExW
FindNextFileW
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
FlsSetValue

user32

MonitorFromRect
SetPropW
SetRectEmpty
GetMonitorInfoW
OffsetRect
GetPropW
RemovePropW
SystemParametersInfoW
CopyRect
SetWindowPos
SetWindowLongW
GetDlgCtrlID
DrawTextW
GetWindowTextW
FillRect
CallWindowProcW
PostMessageW
CreateWindowExW
MoveWindow
ScreenToClient
SetWindowTextW
MessageBoxIndirectW
TrackPopupMenu
EnableMenuItem
DestroyMenu
GetSubMenu
LoadMenuW
GetWindowRect
SetForegroundWindow
IsIconic
GetWindowLongW
SetClipboardData
IsWindow
RedrawWindow
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SetFocus
GetFocus
EndDialog
SetWindowLongPtrW
GetWindowPlacement
EndDeferWindowPos
IsWindowVisible
ShowWindow
DeferWindowPos
BeginDeferWindowPos
GetWindow
GetClientRect
GetSysColorBrush
GetSysColor
RegisterClassExW
GetSystemMetrics
LoadImageW
LoadIconW
DefDlgProcW
DialogBoxParamW
MessageBoxW
GetActiveWindow
MessageBeep
UpdateWindow
InvalidateRect
GetDlgItem
EnableWindow
ReleaseDC
GetDC
GetParent
LoadStringW
SendMessageW
GetWindowTextLengthW
LoadCursorW
SetCursor
MessageBoxA
GetKeyState
CloseClipboard
IsWindowEnabled
EmptyClipboard
DestroyWindow

gdi32

GetBrushOrgEx
CreateHatchBrush
CreateFontIndirectW
UpdateColors
GetStockObject
CreateSolidBrush
SetBkColor
SetTextColor
CreateHalftonePalette
CreatePalette
GetDIBits
SetStretchBltMode
CreateDIBitmap
SetICMMode
RealizePalette
SelectPalette
GetDeviceCaps
DeleteObject
CreateDIBSection
Escape
StretchBlt
BitBlt
SetBkMode
GetTextExtentPoint32W
SetBrushOrgEx
StretchDIBits
CreateCompatibleDC
DeleteDC
SelectObject
CreateBitmap
CreatePatternBrush
CreateCompatibleBitmap
GetObjectW
PatBlt

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

advapi32

RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

DragFinish
DragQueryFileW
DragAcceptFiles

ole32

CreateStreamOnHGlobal

Sections

.text
Size: 584KB - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Readme.txt
Setup/x64/GbxDump64.msi
.msi
Setup/x64/setup.exe
.exe windows:5 windows x86 arch:x86

Password: infected

367254f4e83f62f5437681fde2e55f48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\dbs\el\ddvsm\out\binaries\x86ret\bin\i386\Bootstrapper\Engine\setup.pdb

Imports

kernel32

OpenProcess
GetNativeSystemInfo
EndUpdateResourceW
VerifyVersionInfoW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetEvent
CreateEventW
LoadResource
LockResource
SizeofResource
FindResourceW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
DeleteFileW
GetFileAttributesW
Sleep
ReadFile
GetTempPathW
GetCurrentProcess
GetSystemInfo
GetSystemDirectoryW
GetWindowsDirectoryW
GetVersionExW
GetModuleFileNameW
GlobalAlloc
GlobalFree
LocalFree
FormatMessageW
CopyFileW
GetDateFormatW
GetTimeFormatW
CompareStringW
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
HeapSetInformation
SetFilePointer
GetDiskFreeSpaceExW
CreateFileW
VerSetConditionMask
DeleteCriticalSection
CreateThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrlenW
GetCurrentProcessId
MulDiv
GetTickCount
GetExitCodeProcess
LoadLibraryW
GetTempFileNameW
SwitchToThread
FindNextFileW
UpdateResourceA
BeginUpdateResourceA
FindResourceA
lstrlenA
DeleteFileA
CreateFileA
UpdateResourceW
BeginUpdateResourceW
GetVersion
GetEnvironmentVariableA
LCMapStringEx
InitializeCriticalSectionEx
HeapReAlloc
HeapSize
WriteConsoleW
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
OutputDebugStringW
SetEndOfFile
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
FindFirstFileW
FindClose
GetProcAddress
FreeLibrary
WaitForSingleObject
GetLastError
CloseHandle
WriteFile
LCMapStringW
HeapFree
HeapAlloc
GetFileType
GetStringTypeW
GetACP
GetModuleHandleExW
ExitProcess
MultiByteToWideChar
RaiseException
VirtualProtect
VirtualQuery
GetModuleHandleW
LoadLibraryExA
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetStdHandle

gdi32

GetStockObject
EnumFontFamiliesExW
DeleteObject
CreateFontIndirectW
GetObjectW
GetTextMetricsW
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
DeleteDC
CreateCompatibleDC

ole32

CoUninitialize
CoInitialize

secur32

GetComputerObjectNameW

shell32

SHGetMalloc
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteA

user32

SystemParametersInfoW
IsDialogMessageW
LoadImageW
LoadIconW
LoadCursorW
SetClassLongW
SetCursor
GetWindowRect
GetClientRect
SetWindowTextW
ShowScrollBar
SetForegroundWindow
EnableWindow
MsgWaitForMultipleObjects
GetFocus
SetFocus
SendDlgItemMessageW
SetDlgItemTextW
GetDlgItem
CreateDialogIndirectParamW
CreateDialogParamW
MoveWindow
ShowWindow
DestroyWindow
SendMessageW
SendMessageA
PeekMessageW
DispatchMessageW
TranslateMessage
ExitWindowsEx
MessageBoxW
ReleaseDC
GetDC
DrawTextW
GetSystemMetrics
GetDialogBaseUnits
MessageBoxA
ScreenToClient

crypt32

CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy

wininet

InternetCrackUrlW
InternetCombineUrlW

msi

ord92
ord150
ord78
ord8

shlwapi

UrlUnescapeW

Exports

Exports

_DecodePointerInternal@4
_EncodePointerInternal@4

Sections

.text
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup/x86/GbxDump.msi
.msi
Setup/x86/setup.exe
.exe windows:5 windows x86 arch:x86

Password: infected

367254f4e83f62f5437681fde2e55f48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\dbs\el\ddvsm\out\binaries\x86ret\bin\i386\Bootstrapper\Engine\setup.pdb

Imports

kernel32

OpenProcess
GetNativeSystemInfo
EndUpdateResourceW
VerifyVersionInfoW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetEvent
CreateEventW
LoadResource
LockResource
SizeofResource
FindResourceW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
DeleteFileW
GetFileAttributesW
Sleep
ReadFile
GetTempPathW
GetCurrentProcess
GetSystemInfo
GetSystemDirectoryW
GetWindowsDirectoryW
GetVersionExW
GetModuleFileNameW
GlobalAlloc
GlobalFree
LocalFree
FormatMessageW
CopyFileW
GetDateFormatW
GetTimeFormatW
CompareStringW
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
HeapSetInformation
SetFilePointer
GetDiskFreeSpaceExW
CreateFileW
VerSetConditionMask
DeleteCriticalSection
CreateThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrlenW
GetCurrentProcessId
MulDiv
GetTickCount
GetExitCodeProcess
LoadLibraryW
GetTempFileNameW
SwitchToThread
FindNextFileW
UpdateResourceA
BeginUpdateResourceA
FindResourceA
lstrlenA
DeleteFileA
CreateFileA
UpdateResourceW
BeginUpdateResourceW
GetVersion
GetEnvironmentVariableA
LCMapStringEx
InitializeCriticalSectionEx
HeapReAlloc
HeapSize
WriteConsoleW
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
OutputDebugStringW
SetEndOfFile
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
FindFirstFileW
FindClose
GetProcAddress
FreeLibrary
WaitForSingleObject
GetLastError
CloseHandle
WriteFile
LCMapStringW
HeapFree
HeapAlloc
GetFileType
GetStringTypeW
GetACP
GetModuleHandleExW
ExitProcess
MultiByteToWideChar
RaiseException
VirtualProtect
VirtualQuery
GetModuleHandleW
LoadLibraryExA
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetStdHandle

gdi32

GetStockObject
EnumFontFamiliesExW
DeleteObject
CreateFontIndirectW
GetObjectW
GetTextMetricsW
SelectObject
GetTextExtentPoint32W
GetDeviceCaps
DeleteDC
CreateCompatibleDC

ole32

CoUninitialize
CoInitialize

secur32

GetComputerObjectNameW

shell32

SHGetMalloc
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteA

user32

SystemParametersInfoW
IsDialogMessageW
LoadImageW
LoadIconW
LoadCursorW
SetClassLongW
SetCursor
GetWindowRect
GetClientRect
SetWindowTextW
ShowScrollBar
SetForegroundWindow
EnableWindow
MsgWaitForMultipleObjects
GetFocus
SetFocus
SendDlgItemMessageW
SetDlgItemTextW
GetDlgItem
CreateDialogIndirectParamW
CreateDialogParamW
MoveWindow
ShowWindow
DestroyWindow
SendMessageW
SendMessageA
PeekMessageW
DispatchMessageW
TranslateMessage
ExitWindowsEx
MessageBoxW
ReleaseDC
GetDC
DrawTextW
GetSystemMetrics
GetDialogBaseUnits
MessageBoxA
ScreenToClient

crypt32

CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy

wininet

InternetCrackUrlW
InternetCombineUrlW

msi

ord92
ord150
ord78
ord8

shlwapi

UrlUnescapeW

Exports

Exports

_DecodePointerInternal@4
_EncodePointerInternal@4

Sections

.text
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f15b17d62e37a2fd4a18718f91f90167

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

wininet

msvfw32

msimg32

uxtheme

xmllite

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 502KB - Virtual size: 502KB

.rdata Size: 118KB - Virtual size: 118KB

.data Size: 4KB - Virtual size: 86KB

.rsrc Size: 157KB - Virtual size: 157KB

.reloc Size: 16KB - Virtual size: 15KB

Password: infected

f6ee38c30ba03a367b14871ebecf4faf

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

wininet

msvfw32

msimg32

uxtheme

xmllite

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 584KB - Virtual size: 584KB

.rdata Size: 145KB - Virtual size: 145KB

.data Size: 4KB - Virtual size: 90KB

.pdata Size: 23KB - Virtual size: 23KB

_RDATA Size: 1024B - Virtual size: 768B

.rsrc Size: 157KB - Virtual size: 157KB

.reloc Size: 2KB - Virtual size: 2KB

Password: infected

367254f4e83f62f5437681fde2e55f48

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

ole32

secur32

shell32

user32

crypt32

wininet

msi

shlwapi

Exports

Exports

Sections

.text Size: 386KB - Virtual size: 386KB

.data Size: 5KB - Virtual size: 9KB

.text
Size: 502KB - Virtual size: 502KB

.rdata
Size: 118KB - Virtual size: 118KB

.data
Size: 4KB - Virtual size: 86KB

.rsrc
Size: 157KB - Virtual size: 157KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 584KB - Virtual size: 584KB

.rdata
Size: 145KB - Virtual size: 145KB

.data
Size: 4KB - Virtual size: 90KB

.pdata
Size: 23KB - Virtual size: 23KB

_RDATA
Size: 1024B - Virtual size: 768B

.rsrc
Size: 157KB - Virtual size: 157KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 386KB - Virtual size: 386KB

.data
Size: 5KB - Virtual size: 9KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 112B

.rsrc
Size: 118KB - Virtual size: 117KB

.reloc
Size: 14KB - Virtual size: 14KB

.text
Size: 386KB - Virtual size: 386KB

.data
Size: 5KB - Virtual size: 9KB

.idata
Size: 5KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 112B

.rsrc
Size: 118KB - Virtual size: 117KB

.reloc
Size: 14KB - Virtual size: 14KB