fakeapp若干[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

fakeapp若干.rar
Size

14.3MB
MD5

93581ed07f37497e5bb435a3aa4d3b5b
SHA1

063a6885fa1f54cb0c418dd177c0404cb93a32e5
SHA256

b490e466486497f867da4aebe19f2f429477bd1ef739b74d3b57830ab1721ed3
SHA512

0c43f48a07367d8d1b2c0a5224b2eb0d1f8f32c92d7a68d58047ba074020cc99613769142055a7a70c8ab0632dade00347183385408ed9b4328d75c5b3fee6a2
SSDEEP

393216:QAvxTVsh8BHZ47//tY+VX6jQcbUPcpMEMkoQcShy+eAg3:QAvohj7//LxGXLdhyf3

Score

3^/10

Malware Config

Signatures

Embeds OpenSSL 5 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
static1/unpack001/fakeapp若干/setup_1.5.4.exe	embeds_openssl
static1/unpack001/fakeapp若干/setup_2.7.6.exe	embeds_openssl
static1/unpack001/fakeapp若干/安装包6.5.1-doc-uninsta.exe	embeds_openssl
static1/unpack001/fakeapp若干/疑似重复setup_2.7.6.exe	embeds_openssl
static1/unpack001/fakeapp若干/疑似重复安装包6.5.1-doc-uninsta.exe	embeds_openssl

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fakeapp若干/iuio.Setup.15.exe
unpack001/fakeapp若干/setup_1.5.4.exe
unpack001/fakeapp若干/setup_2.7.6.exe
unpack001/fakeapp若干/安装包6.5.1-doc-uninsta.exe
unpack001/fakeapp若干/疑似重复setup_2.7.6.exe
unpack001/fakeapp若干/疑似重复安装包6.5.1-doc-uninsta.exe

Files

fakeapp若干.rar
.rar

Password: infected
fakeapp若干/iuio.Setup.15.exe
.exe windows:5 windows x64 arch:x64

Password: infected

15b3224e3d40a0c91c1309c1317f7f8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

StrFormatKBSizeA

comctl32

PropertySheetA

kernel32

OutputDebugStringW
ReadConsoleW
WriteConsoleW
SetFilePointerEx
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStringTypeW
CreateFileW
GetProcAddress
DeleteFileA
GetCurrentThreadId
GetCPInfo
LocalFree
GetACP
IsValidCodePage
GetProcessHeap
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetFileAttributesA
FindResourceA
GetEnvironmentVariableA
FormatMessageA
GetTickCount
GetSystemInfo
MulDiv
DeviceIoControl
SizeofResource
LoadResource
LockResource
CreateFileA
CloseHandle
GetLastError
GetVersion
GetModuleHandleA
GetCommandLineW
LoadLibraryA
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
GetFileType
SetEndOfFile
LCMapStringW
GetOEMCP
LocalAlloc
HeapSize
LoadLibraryExW
GetCurrentProcess
Sleep
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
HeapAlloc
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
CreateThread
ExitThread
ResumeThread
GetCommandLineA
DeleteCriticalSection
FlushFileBuffers
WriteFile
GetConsoleCP
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
ReadFile
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
VirtualAlloc

user32

MessageBoxA
InvalidateRect
ReleaseDC
GetDC
DrawTextA
KillTimer
SetTimer
SetFocus
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
ShowWindow
PostQuitMessage
FillRect
RegisterWindowMessageA
wsprintfA
LoadCursorA
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextA
GetDlgItem
EndDialog
DialogBoxIndirectParamA
SendMessageA
PostMessageA

gdi32

SetBkMode
SelectObject
DeleteObject
DeleteDC
CreateSolidBrush
CreateFontIndirectA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
EndPage
StartPage
EndDoc
StartDocA
SetMapMode
GetDeviceCaps
SetTextColor

comdlg32

PrintDlgA
ChooseColorA

advapi32

RegQueryValueExA
StartServiceA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
RegSetValueExA
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey

shell32

CommandLineToArgvW

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fakeapp若干/setup_1.5.4.exe
.exe windows:6 windows x64 arch:x64

Password: infected

ef863a1e92c277a6e2e05cd3aa8dbf06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CompareStringEx
CompareStringW
ConvertFiberToThread
ConvertThreadToFiberEx
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventExW
CreateEventW
CreateFiberEx
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateMutexA
CreateMutexW
CreatePipe
CreateProcessW
CreateSemaphoreA
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateWaitableTimerA
DecodePointer
DeleteCriticalSection
DeleteFiber
DeleteFileW
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemFirmwareTables
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileType
GetFullPathNameW
GetHandleInformation
GetLastError
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalProcessorInformation
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetQueuedCompletionStatusEx
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
GetTickCount64
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
MoveFileExW
MultiByteToWideChar
OpenEventA
OpenProcess
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTextAttribute
SetCurrentDirectoryW
SetDllDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileCompletionNotificationModes
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetStdHandle
SetThreadAffinityMask
SetThreadPriority
SetThreadpoolTimer
SetThreadpoolWait
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
SubmitThreadpoolWork
SwitchToFiber
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualProtectEx
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WaitForThreadpoolTimerCallbacks
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
ShowWindow

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSAPoll
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASetLastError
WSASocketA
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getnameinfo
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

advapi32

CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEnumProvidersW
CryptExportKey
CryptGenRandom
CryptGetProvParam
CryptGetUserKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashW
DeregisterEventSource
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
SetSecurityDescriptorDacl

mswsock

TransmitFile

iphlpapi

GetAdaptersAddresses
if_indextoname

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertOpenSystemStoreW

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 152B

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fakeapp若干/setup_2.7.6.exe
.exe windows:6 windows x64 arch:x64

Password: infected

ef863a1e92c277a6e2e05cd3aa8dbf06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CompareStringEx
CompareStringW
ConvertFiberToThread
ConvertThreadToFiberEx
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventExW
CreateEventW
CreateFiberEx
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateMutexA
CreateMutexW
CreatePipe
CreateProcessW
CreateSemaphoreA
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateWaitableTimerA
DecodePointer
DeleteCriticalSection
DeleteFiber
DeleteFileW
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemFirmwareTables
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileType
GetFullPathNameW
GetHandleInformation
GetLastError
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalProcessorInformation
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetQueuedCompletionStatusEx
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
GetTickCount64
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
MoveFileExW
MultiByteToWideChar
OpenEventA
OpenProcess
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTextAttribute
SetCurrentDirectoryW
SetDllDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileCompletionNotificationModes
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetStdHandle
SetThreadAffinityMask
SetThreadPriority
SetThreadpoolTimer
SetThreadpoolWait
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
SubmitThreadpoolWork
SwitchToFiber
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualProtectEx
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WaitForThreadpoolTimerCallbacks
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
ShowWindow

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSAPoll
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASetLastError
WSASocketA
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getnameinfo
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

advapi32

CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEnumProvidersW
CryptExportKey
CryptGenRandom
CryptGetProvParam
CryptGetUserKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashW
DeregisterEventSource
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
SetSecurityDescriptorDacl

mswsock

TransmitFile

iphlpapi

GetAdaptersAddresses
if_indextoname

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertOpenSystemStoreW

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 152B

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fakeapp若干/安装包6.5.1-doc-uninsta.exe
.exe windows:6 windows x64 arch:x64

Password: infected

ef863a1e92c277a6e2e05cd3aa8dbf06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CompareStringEx
CompareStringW
ConvertFiberToThread
ConvertThreadToFiberEx
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventExW
CreateEventW
CreateFiberEx
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateMutexA
CreateMutexW
CreatePipe
CreateProcessW
CreateSemaphoreA
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateWaitableTimerA
DecodePointer
DeleteCriticalSection
DeleteFiber
DeleteFileW
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemFirmwareTables
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileType
GetFullPathNameW
GetHandleInformation
GetLastError
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalProcessorInformation
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetQueuedCompletionStatusEx
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
GetTickCount64
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
MoveFileExW
MultiByteToWideChar
OpenEventA
OpenProcess
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTextAttribute
SetCurrentDirectoryW
SetDllDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileCompletionNotificationModes
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetStdHandle
SetThreadAffinityMask
SetThreadPriority
SetThreadpoolTimer
SetThreadpoolWait
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
SubmitThreadpoolWork
SwitchToFiber
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualProtectEx
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WaitForThreadpoolTimerCallbacks
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
ShowWindow

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSAPoll
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASetLastError
WSASocketA
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getnameinfo
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

advapi32

CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEnumProvidersW
CryptExportKey
CryptGenRandom
CryptGetProvParam
CryptGetUserKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashW
DeregisterEventSource
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
SetSecurityDescriptorDacl

mswsock

TransmitFile

iphlpapi

GetAdaptersAddresses
if_indextoname

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertOpenSystemStoreW

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 152B

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fakeapp若干/疑似重复setup_2.7.6.exe
.exe windows:6 windows x64 arch:x64

Password: infected

ef863a1e92c277a6e2e05cd3aa8dbf06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CompareStringEx
CompareStringW
ConvertFiberToThread
ConvertThreadToFiberEx
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventExW
CreateEventW
CreateFiberEx
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateMutexA
CreateMutexW
CreatePipe
CreateProcessW
CreateSemaphoreA
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateWaitableTimerA
DecodePointer
DeleteCriticalSection
DeleteFiber
DeleteFileW
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemFirmwareTables
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileType
GetFullPathNameW
GetHandleInformation
GetLastError
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalProcessorInformation
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetQueuedCompletionStatusEx
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
GetTickCount64
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
MoveFileExW
MultiByteToWideChar
OpenEventA
OpenProcess
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTextAttribute
SetCurrentDirectoryW
SetDllDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileCompletionNotificationModes
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetStdHandle
SetThreadAffinityMask
SetThreadPriority
SetThreadpoolTimer
SetThreadpoolWait
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
SubmitThreadpoolWork
SwitchToFiber
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualProtectEx
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WaitForThreadpoolTimerCallbacks
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
ShowWindow

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSAPoll
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASetLastError
WSASocketA
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getnameinfo
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

advapi32

CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEnumProvidersW
CryptExportKey
CryptGenRandom
CryptGetProvParam
CryptGetUserKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashW
DeregisterEventSource
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
SetSecurityDescriptorDacl

mswsock

TransmitFile

iphlpapi

GetAdaptersAddresses
if_indextoname

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertOpenSystemStoreW

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 152B

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fakeapp若干/疑似重复安装包6.5.1-doc-uninsta.exe
.exe windows:6 windows x64 arch:x64

Password: infected

ef863a1e92c277a6e2e05cd3aa8dbf06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
CloseHandle
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CompareStringEx
CompareStringW
ConvertFiberToThread
ConvertThreadToFiberEx
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventExW
CreateEventW
CreateFiberEx
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateMutexA
CreateMutexW
CreatePipe
CreateProcessW
CreateSemaphoreA
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateWaitableTimerA
DecodePointer
DeleteCriticalSection
DeleteFiber
DeleteFileW
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemFirmwareTables
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushProcessWriteBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileType
GetFullPathNameW
GetHandleInformation
GetLastError
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalProcessorInformation
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetQueuedCompletionStatusEx
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
GetTickCount64
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
MoveFileExW
MultiByteToWideChar
OpenEventA
OpenProcess
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTextAttribute
SetCurrentDirectoryW
SetDllDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileCompletionNotificationModes
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetStdHandle
SetThreadAffinityMask
SetThreadPriority
SetThreadpoolTimer
SetThreadpoolWait
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
SubmitThreadpoolWork
SwitchToFiber
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualProtectEx
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WaitForThreadpoolTimerCallbacks
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
ShowWindow

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSAPoll
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASetLastError
WSASocketA
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getnameinfo
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

advapi32

CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEnumProvidersW
CryptExportKey
CryptGenRandom
CryptGetProvParam
CryptGetUserKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashW
DeregisterEventSource
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
SetSecurityDescriptorDacl

mswsock

TransmitFile

iphlpapi

GetAdaptersAddresses
if_indextoname

crypt32

CertCloseStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertOpenSystemStoreW

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 152B

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

15b3224e3d40a0c91c1309c1317f7f8a

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 87KB - Virtual size: 86KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 67KB - Virtual size: 79KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 94KB - Virtual size: 93KB

.reloc Size: 1KB - Virtual size: 1KB

Password: infected

ef863a1e92c277a6e2e05cd3aa8dbf06

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

advapi32

mswsock

iphlpapi

crypt32

Sections

.text Size: 6.9MB - Virtual size: 6.9MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 87KB - Virtual size: 111KB

.pdata Size: 356KB - Virtual size: 356KB

.00cfg Size: 512B - Virtual size: 48B

.gxfg Size: 58KB - Virtual size: 58KB

.retplne Size: 512B - Virtual size: 152B

.tls Size: 512B - Virtual size: 9B

.voltbl Size: 3KB - Virtual size: 2KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 59KB - Virtual size: 59KB

.rsrc Size: 2KB - Virtual size: 1KB

Password: infected

ef863a1e92c277a6e2e05cd3aa8dbf06

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

advapi32

mswsock

iphlpapi

crypt32

Sections

.text Size: 6.9MB - Virtual size: 6.9MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 87KB - Virtual size: 111KB

.pdata Size: 356KB - Virtual size: 356KB

.00cfg Size: 512B - Virtual size: 48B

.gxfg Size: 58KB - Virtual size: 58KB

.retplne Size: 512B - Virtual size: 152B

.tls Size: 512B - Virtual size: 9B

.voltbl Size: 3KB - Virtual size: 2KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 59KB - Virtual size: 59KB

.rsrc Size: 2KB - Virtual size: 1KB

Password: infected

.text
Size: 87KB - Virtual size: 86KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 67KB - Virtual size: 79KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 94KB - Virtual size: 93KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 6.9MB - Virtual size: 6.9MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 87KB - Virtual size: 111KB

.pdata
Size: 356KB - Virtual size: 356KB

.00cfg
Size: 512B - Virtual size: 48B

.gxfg
Size: 58KB - Virtual size: 58KB

.retplne
Size: 512B - Virtual size: 152B

.tls
Size: 512B - Virtual size: 9B

.voltbl
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 59KB - Virtual size: 59KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 6.9MB - Virtual size: 6.9MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 87KB - Virtual size: 111KB

.pdata
Size: 356KB - Virtual size: 356KB

.00cfg
Size: 512B - Virtual size: 48B

.gxfg
Size: 58KB - Virtual size: 58KB

.retplne
Size: 512B - Virtual size: 152B

.tls
Size: 512B - Virtual size: 9B

.voltbl
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 59KB - Virtual size: 59KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 6.9MB - Virtual size: 6.9MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 87KB - Virtual size: 111KB

.pdata
Size: 356KB - Virtual size: 356KB

.00cfg
Size: 512B - Virtual size: 48B

.gxfg
Size: 58KB - Virtual size: 58KB

.retplne
Size: 512B - Virtual size: 152B

.tls
Size: 512B - Virtual size: 9B

.voltbl
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 59KB - Virtual size: 59KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 6.9MB - Virtual size: 6.9MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 87KB - Virtual size: 111KB

.pdata
Size: 356KB - Virtual size: 356KB

.00cfg
Size: 512B - Virtual size: 48B

.gxfg
Size: 58KB - Virtual size: 58KB

.retplne
Size: 512B - Virtual size: 152B

.tls
Size: 512B - Virtual size: 9B

.voltbl
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 59KB - Virtual size: 59KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 6.9MB - Virtual size: 6.9MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 87KB - Virtual size: 111KB

.pdata
Size: 356KB - Virtual size: 356KB

.00cfg
Size: 512B - Virtual size: 48B