WinSCP-6[.]3[.]4[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

WinSCP-6.3.4.zip
Size

13.6MB
MD5

3a375743d75b6a94d42e3dcb0c438c48
SHA1

7e227a0897184b797f42645adf3feb7512506ca6
SHA256

44ffb3efa3a56cdf878243d0bceced1c89af0da662a61ec6a044bd9604e99753
SHA512

343ae1ee4387d74dfdb8e38adc9f0e60622929ef44fecabc6e0bf70504d53916663d1870fe0a9018c289fde2a4b10dab735dffc9c20978f665d6c696f330c16d
SSDEEP

393216:IfAr8zocYg28HVSgxLWOLjQ3JC0v+EhLg6G:Xr8zfY6q6jQ3ZtLg6G

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bass.dll
unpack001/libwebp.dll
unpack001/setup.exe

Files

WinSCP-6.3.4.zip
.zip
bass.dll
.dll windows:6 windows x64 arch:x64

aa4a1da3293f0999bc653574dce09f14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

PathRemoveFileSpecA
StrStrIA

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
RtlUnwindEx
RtlDestroyProcessParameters
RtlCreateProcessParametersEx
RtlInitUnicodeString
RtlFreeHeap
RtlAllocateHeap

kernel32

WriteConsoleW
CreateFileW
GetConsoleMode
GetConsoleOutputCP
lstrlenA
lstrlenW
GetEnvironmentVariableA
CreateDirectoryA
CreateFileA
GetFileAttributesA
WriteFile
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
FreeResource
LockResource
SizeofResource
FindResourceA
K32EnumProcessModules
K32GetModuleFileNameExA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetCurrentProcess
OpenProcess
VirtualQuery
ReadProcessMemory
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetComputerNameExA
GetComputerNameA
Sleep
GetCurrentThread
LoadResource
GetModuleHandleW
FlushFileBuffers
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
TerminateProcess
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx

advapi32

GetUserNameA

Exports

Exports

BASS_Apply3D
BASS_ChannelBytes2Seconds
BASS_ChannelFlags
BASS_ChannelFree
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttribute
BASS_ChannelGetAttributeEx
BASS_ChannelGetData
BASS_ChannelGetDevice
BASS_ChannelGetInfo
BASS_ChannelGetLength
BASS_ChannelGetLevel
BASS_ChannelGetLevelEx
BASS_ChannelGetPosition
BASS_ChannelGetTags
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelLock
BASS_ChannelPause
BASS_ChannelPlay
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttribute
BASS_ChannelSetAttributeEx
BASS_ChannelSetDSP
BASS_ChannelSetDevice
BASS_ChannelSetFX
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttribute
BASS_ChannelStart
BASS_ChannelStop
BASS_ChannelUpdate
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXReset
BASS_FXSetParameters
BASS_FXSetPriority
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetConfig
BASS_GetConfigPtr
BASS_GetDSoundObject
BASS_GetDevice
BASS_GetDeviceInfo
BASS_GetEAXParameters
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_IsStarted
BASS_MusicFree
BASS_MusicLoad
BASS_Pause
BASS_PluginEnable
BASS_PluginFree
BASS_PluginGetInfo
BASS_PluginLoad
BASS_RecordFree
BASS_RecordGetDevice
BASS_RecordGetDeviceInfo
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetDevice
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleFree
BASS_SampleGetChannel
BASS_SampleGetChannels
BASS_SampleGetData
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SampleSetData
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetConfig
BASS_SetConfigPtr
BASS_SetDevice
BASS_SetEAXParameters
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateFileUser
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamPutData
BASS_StreamPutFileData
BASS_Update
_

Sections

.text
Size: 730KB - Virtual size: 730KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 19.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10.9MB - Virtual size: 10.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
basslib.dll
.dll windows:5 windows x64 arch:x64

Code Sign

5c:9a:26:12:27:57:4c:26:b6:35:0a:6e:5e:00:26:18
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

31/01/2022, 16:17

Not After

28/01/2023, 16:17

Subject

CN=Un4seen Developments Ltd,O=Un4seen Developments Ltd,L=London,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ed:a5:49:9b:3e:77:ab:0f:4a:bf:11:62:bf:5c:68:6c:eb:19:9f:c5
Signer

Actual PE Digest

ed:a5:49:9b:3e:77:ab:0f:4a:bf:11:62:bf:5c:68:6c:eb:19:9f:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

BASS_Apply3D
BASS_ChannelBytes2Seconds
BASS_ChannelFlags
BASS_ChannelFree
BASS_ChannelGet3DAttributes
BASS_ChannelGet3DPosition
BASS_ChannelGetAttribute
BASS_ChannelGetAttributeEx
BASS_ChannelGetData
BASS_ChannelGetDevice
BASS_ChannelGetInfo
BASS_ChannelGetLength
BASS_ChannelGetLevel
BASS_ChannelGetLevelEx
BASS_ChannelGetPosition
BASS_ChannelGetTags
BASS_ChannelIsActive
BASS_ChannelIsSliding
BASS_ChannelLock
BASS_ChannelPause
BASS_ChannelPlay
BASS_ChannelRemoveDSP
BASS_ChannelRemoveFX
BASS_ChannelRemoveLink
BASS_ChannelRemoveSync
BASS_ChannelSeconds2Bytes
BASS_ChannelSet3DAttributes
BASS_ChannelSet3DPosition
BASS_ChannelSetAttribute
BASS_ChannelSetAttributeEx
BASS_ChannelSetDSP
BASS_ChannelSetDevice
BASS_ChannelSetFX
BASS_ChannelSetLink
BASS_ChannelSetPosition
BASS_ChannelSetSync
BASS_ChannelSlideAttribute
BASS_ChannelStart
BASS_ChannelStop
BASS_ChannelUpdate
BASS_ErrorGetCode
BASS_FXGetParameters
BASS_FXReset
BASS_FXSetParameters
BASS_FXSetPriority
BASS_Free
BASS_Get3DFactors
BASS_Get3DPosition
BASS_GetCPU
BASS_GetConfig
BASS_GetConfigPtr
BASS_GetDSoundObject
BASS_GetDevice
BASS_GetDeviceInfo
BASS_GetEAXParameters
BASS_GetInfo
BASS_GetVersion
BASS_GetVolume
BASS_Init
BASS_IsStarted
BASS_MusicFree
BASS_MusicLoad
BASS_Pause
BASS_PluginEnable
BASS_PluginFree
BASS_PluginGetInfo
BASS_PluginLoad
BASS_RecordFree
BASS_RecordGetDevice
BASS_RecordGetDeviceInfo
BASS_RecordGetInfo
BASS_RecordGetInput
BASS_RecordGetInputName
BASS_RecordInit
BASS_RecordSetDevice
BASS_RecordSetInput
BASS_RecordStart
BASS_SampleCreate
BASS_SampleFree
BASS_SampleGetChannel
BASS_SampleGetChannels
BASS_SampleGetData
BASS_SampleGetInfo
BASS_SampleLoad
BASS_SampleSetData
BASS_SampleSetInfo
BASS_SampleStop
BASS_Set3DFactors
BASS_Set3DPosition
BASS_SetConfig
BASS_SetConfigPtr
BASS_SetDevice
BASS_SetEAXParameters
BASS_SetVolume
BASS_Start
BASS_Stop
BASS_StreamCreate
BASS_StreamCreateFile
BASS_StreamCreateFileUser
BASS_StreamCreateURL
BASS_StreamFree
BASS_StreamGetFilePosition
BASS_StreamPutData
BASS_StreamPutFileData
BASS_Update
_

Sections

Size: 143KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

petite
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
libwebp.dll
.dll windows:6 windows x64 arch:x64

9ddc64f586009775eabd3db5c98c00c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
WaitForSingleObjectEx
SetThreadPriority
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW

Exports

Exports

VP8CheckSignature
VP8GetCPUInfo
VP8GetInfo
VP8LCheckSignature
VP8LGetInfo
WebPBlendAlpha
WebPCleanupTransparentArea
WebPConfigInitInternal
WebPConfigLosslessPreset
WebPCopyPixels
WebPCopyPlane
WebPDecode
WebPDecodeARGB
WebPDecodeARGBInto
WebPDecodeBGR
WebPDecodeBGRA
WebPDecodeBGRAInto
WebPDecodeBGRInto
WebPDecodeRGB
WebPDecodeRGBA
WebPDecodeRGBAInto
WebPDecodeRGBInto
WebPDecodeYUV
WebPDecodeYUVInto
WebPEncode
WebPEncodeBGR
WebPEncodeBGRA
WebPEncodeLosslessBGR
WebPEncodeLosslessBGRA
WebPEncodeLosslessRGB
WebPEncodeLosslessRGBA
WebPEncodeRGB
WebPEncodeRGBA
WebPFree
WebPFreeDecBuffer
WebPGetColorPalette
WebPGetDecoderVersion
WebPGetEncoderVersion
WebPGetFeaturesInternal
WebPGetInfo
WebPGetWorkerInterface
WebPIAppend
WebPIDecGetRGB
WebPIDecGetYUVA
WebPIDecode
WebPIDecodedArea
WebPIDelete
WebPINewDecoder
WebPINewRGB
WebPINewYUV
WebPINewYUVA
WebPIUpdate
WebPInitDecBufferInternal
WebPInitDecoderConfigInternal
WebPMalloc
WebPMemoryWrite
WebPMemoryWriterClear
WebPMemoryWriterInit
WebPPictureARGBToYUVA
WebPPictureARGBToYUVADithered
WebPPictureAlloc
WebPPictureCopy
WebPPictureCrop
WebPPictureDistortion
WebPPictureFree
WebPPictureHasTransparency
WebPPictureImportBGR
WebPPictureImportBGRA
WebPPictureImportBGRX
WebPPictureImportRGB
WebPPictureImportRGBA
WebPPictureImportRGBX
WebPPictureInitInternal
WebPPictureIsView
WebPPictureRescale
WebPPictureSharpARGBToYUVA
WebPPictureSmartARGBToYUVA
WebPPictureView
WebPPictureYUVAToARGB
WebPPlaneDistortion
WebPSafeCalloc
WebPSafeFree
WebPSafeMalloc
WebPSetWorkerInterface
WebPValidateConfig

Sections

.text
Size: 458KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.exe
.exe windows:6 windows x64 arch:x64

7b584b5098047ada4c6135e5f33828d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeGetTime

oleacc

LresultFromObject

shlwapi

StrCmpLogicalW

wininet

InternetCloseHandle
InternetReadFile
InternetOpenA
InternetOpenUrlA

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comdlg32

FindTextW
GetSaveFileNameW
GetOpenFileNameW

comctl32

FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
ImageList_GetDragImage
FlatSB_SetScrollProp
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
FlatSB_GetScrollInfo
ImageList_Write
ImageList_DrawIndirect
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_Draw
ImageList_Remove

shell32

SHBrowseForFolderW
DragQueryFileW
SHGetSpecialFolderLocation
Shell_NotifyIconW
DragAcceptFiles
SHGetPathFromIDListW
DragFinish
SHGetFileInfoW
ILCreateFromPathW
ILFree
SHFileOperationW
SHAppBarMessage
ShellExecuteW

user32

MoveWindow
CopyImage
SetMenuItemInfoW
GetMenuItemInfoW
DefFrameProcW
GetDlgCtrlID
FrameRect
RegisterWindowMessageW
GetMenuStringW
FillRect
SendMessageA
IsClipboardFormatAvailable
EnumWindows
ShowOwnedPopups
GetClassInfoW
GetScrollRange
SetActiveWindow
GetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
EnumChildWindows
GetScrollBarInfo
UnhookWindowsHookEx
SetCapture
GetCapture
ShowCaret
CreatePopupMenu
GetMenuItemID
CharLowerBuffW
PostMessageW
IsZoomed
SetParent
DrawMenuBar
GetClientRect
IsChild
IsIconic
CallNextHookEx
ShowWindow
SetForegroundWindow
GetWindowTextW
IsDialogMessageW
DestroyWindow
RegisterClassW
EndMenu
CharNextW
GetFocus
GetDC
SetFocus
ReleaseDC
SetScrollRange
DrawTextW
PeekMessageA
MessageBeep
LockWindowUpdate
RemovePropW
GetSubMenu
DestroyIcon
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
NotifyWinEvent
GetWindowLongPtrW
SetWindowLongPtrW
LoadStringW
CreateMenu
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
GetSysColorBrush
GetWindowDC
DrawTextExW
EnumClipboardFormats
ScrollDC
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
GetSysColor
EnableScrollBar
TrackPopupMenu
DrawIconEx
GetClassNameW
GetMessagePos
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
SetCursorPos
GetCursorPos
SetMenu
GetMenuState
GetMenu
SetRect
GetKeyState
IsRectEmpty
ValidateRect
IsCharAlphaW
GetCursor
KillTimer
BeginDeferWindowPos
WaitMessage
TranslateMDISysAccel
GetWindowPlacement
GetClipboardFormatNameW
CreateIconIndirect
CreateWindowExW
GetDCEx
PeekMessageW
MonitorFromWindow
GetUpdateRect
AnimateWindow
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
MapVirtualKeyW
OffsetRect
IsWindowUnicode
DispatchMessageW
DefMDIChildProcW
GetSystemMenu
SetScrollPos
GetScrollPos
InflateRect
DrawFocusRect
ReleaseCapture
LoadCursorW
ScrollWindow
GetLastActivePopup
GetCursorInfo
GetSystemMetrics
CharUpperBuffW
SetClassLongPtrW
GetClassLongPtrW
SetClipboardData
GetClipboardData
ClientToScreen
SetWindowPlacement
GetMonitorInfoW
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
ToAscii
EnableWindow
GetWindowThreadProcessId
RedrawWindow
EndPaint
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetParent
InsertMenuItemW
GetPropW
MessageBoxW
SetPropW
UpdateWindow
MsgWaitForMultipleObjects
DestroyMenu
SetWindowsHookExW
EmptyClipboard
AdjustWindowRectEx
IsWindow
DrawIcon
EnumThreadWindows
InvalidateRect
SetKeyboardState
GetKeyboardState
ScreenToClient
DrawFrameControl
IsCharAlphaNumericW
BringWindowToTop
SetCursor
CreateIcon
RemoveMenu
SubtractRect
GetKeyboardLayoutNameW
OpenClipboard
TranslateMessage
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
UpdateLayeredWindow
PostQuitMessage
ShowScrollBar
EnableMenuItem
DeferWindowPos
HideCaret
EndDeferWindowPos
FindWindowExW
MonitorFromPoint
LoadIconW
SystemParametersInfoW
GetWindow
GetWindowRect
InsertMenuW
IsWindowEnabled
IsDialogMessageA
FindWindowW
GetKeyboardLayout
DeleteMenu

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegEnumKeyExW
RegFlushKey
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW

msvcrt

isupper
isalpha
isalnum
toupper
memchr
memcmp
memcpy
memset
isprint
isspace
iscntrl
isxdigit
ispunct
isgraph
islower
tolower

libwebp

WebPDecodeBGRInto
WebPGetInfo

bass

BASS_StreamFree
BASS_ChannelPlay
BASS_GetVersion
BASS_SetConfig
BASS_ChannelGetLength
BASS_ChannelStop
BASS_ChannelPause
BASS_Stop
BASS_ChannelGetPosition
BASS_ChannelSetPosition
BASS_ChannelSetAttribute
BASS_Init
BASS_ChannelBytes2Seconds
BASS_StreamCreateFile
BASS_PluginLoad
BASS_Free
BASS_ChannelSeconds2Bytes

kernel32

SetFileAttributesW
GetFileTime
SetFileTime
RtlUnwindEx
QueryDosDeviceW
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
GetProcessHeap
ExitProcess
HeapAlloc
FindNextChangeNotification
GetCPInfoExW
GlobalSize
GetSystemTime
RtlUnwind
GetCPInfo
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
HeapDestroy
FileTimeToDosDateTime
ReadFile
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
MapViewOfFile
LoadLibraryA
GetVolumeInformationW
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
GlobalAddAtomW
FindFirstChangeNotificationW
FormatMessageW
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
GetLogicalDrives
GetFileAttributesExW
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
MoveFileExW
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
ReleaseMutex
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetTempFileNameW
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetTempPathW
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
UnmapViewOfFile
GlobalHandle
lstrlenW
CompareStringA
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
CreateMutexA
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
SystemTimeToFileTime
EnumResourceNamesW
DeleteFileW
FindCloseChangeNotification
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

wsock32

send

ole32

RevokeDragDrop
CreateDataAdviseHolder
CreateBindCtx
CoCreateInstance
CoUninitialize
OleGetClipboard
ReleaseStgMedium
OleSetClipboard
RegisterDragDrop
IsEqualGUID
CreateStreamOnHGlobal
OleInitialize
CoInitializeEx
OleUninitialize
CoInitialize
CoDisconnectObject
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Pie
SetBkMode
GetRandomRgn
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
GetTextColor
SetTextColor
StretchBlt
SelectClipRgn
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreatePen
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
GetBitmapBits
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
SetMapMode
GetMapMode
CreateFontIndirectW
PolyBezier
LPtoDP
EndDoc
GetObjectW
GetCurrentObject
GetWinMetaFileBits
GetTextExtentExPointW
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
CreateRectRgnIndirect
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
GetViewportOrgEx
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
BitBlt
FrameRgn
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
CombineRgn
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
OffsetRgn
SetBkColor
GetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
GetPaletteEntries

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 504KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 57KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 632B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa4a1da3293f0999bc653574dce09f14

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ntdll

kernel32

advapi32

Exports

Exports

Sections

.text Size: 730KB - Virtual size: 730KB

.rdata Size: 171KB - Virtual size: 170KB

.data Size: 6KB - Virtual size: 19.5MB

.pdata Size: 9KB - Virtual size: 9KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 10.9MB - Virtual size: 10.9MB

.reloc Size: 2KB - Virtual size: 1KB

Code Sign

5c:9a:26:12:27:57:4c:26:b6:35:0a:6e:5e:00:26:18Certificate

Extended Key Usages

Key Usages

64:33:51:d3:c7:38:9f:08Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

ed:a5:49:9b:3e:77:ab:0f:4a:bf:11:62:bf:5c:68:6c:eb:19:9f:c5Signer

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 143KB - Virtual size: 336KB

.rsrc Size: 1024B - Virtual size: 8KB

petite Size: 3KB - Virtual size: 3KB

9ddc64f586009775eabd3db5c98c00c6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 458KB - Virtual size: 457KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 3KB - Virtual size: 16KB

.pdata Size: 21KB - Virtual size: 21KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1024B - Virtual size: 800B

.reloc Size: 2KB - Virtual size: 1KB

7b584b5098047ada4c6135e5f33828d6

Headers

DLL Characteristics

File Characteristics

Imports

winmm

oleacc

shlwapi

wininet

winspool.drv

comdlg32

comctl32

shell32

user32

version

oleaut32

advapi32

.text
Size: 730KB - Virtual size: 730KB

.rdata
Size: 171KB - Virtual size: 170KB

.data
Size: 6KB - Virtual size: 19.5MB

.pdata
Size: 9KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 10.9MB - Virtual size: 10.9MB

.reloc
Size: 2KB - Virtual size: 1KB

5c:9a:26:12:27:57:4c:26:b6:35:0a:6e:5e:00:26:18
Certificate

64:33:51:d3:c7:38:9f:08
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

ed:a5:49:9b:3e:77:ab:0f:4a:bf:11:62:bf:5c:68:6c:eb:19:9f:c5
Signer

.rsrc
Size: 1024B - Virtual size: 8KB

petite
Size: 3KB - Virtual size: 3KB

.text
Size: 458KB - Virtual size: 457KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 3KB - Virtual size: 16KB

.pdata
Size: 21KB - Virtual size: 21KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 800B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 6.0MB - Virtual size: 6.0MB

.data
Size: 504KB - Virtual size: 503KB

.bss
Size: - Virtual size: 57KB

.idata
Size: 20KB - Virtual size: 20KB

.didata
Size: 4KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 112B

.tls
Size: - Virtual size: 632B

.rdata
Size: 512B - Virtual size: 109B

.pdata
Size: 233KB - Virtual size: 232KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB