46f3afeba3b44de8954f8191e8f5a3dd927094ade85757d554ac3ac2985b6ae3N

Sharing

Copy URL Twitter E-mail

General

Target

46f3afeba3b44de8954f8191e8f5a3dd927094ade85757d554ac3ac2985b6ae3N
Size

509KB
MD5

0000ca5d1740410b19aeda30e000edf0
SHA1

a10446a98f91141e429e1671c397db5440037aae
SHA256

46f3afeba3b44de8954f8191e8f5a3dd927094ade85757d554ac3ac2985b6ae3
SHA512

dcc73c436ce36c9d46446b72d5352d9df07daadfd8efaf739777140f09db6029760d270b2503c7b8bfe429245e00ef1cbcf989f6bede783520fd4e31b5b4909b
SSDEEP

12288:HUiXrNPXD3T4KNUj36rGVppvcAf0xnvWACTewqYeNPI:HUC5D3T4XrTdcAf6WACTewqYQA

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
46f3afeba3b44de8954f8191e8f5a3dd927094ade85757d554ac3ac2985b6ae3N
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/Funshion.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

46f3afeba3b44de8954f8191e8f5a3dd927094ade85757d554ac3ac2985b6ae3N
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 300KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstPath.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WelcomePage.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$TEMP/installpathcn.bmp
$TEMP/installpathen.bmp
$TEMP/instpath.ini
$TEMP/partner.ini
$TEMP/welcomepage.ini
CrashReport.exe
.exe windows:5 windows x86 arch:x86

e0773e8ad86951a01ab0e4c659e7c2a8

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14/07/2010, 00:00

Not After

02/08/2012, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

16:34:67:fb:31:59:3a:c7:ef:e1:5a:80:b1:4a:42:2b:d8:51:03:db
Signer

Actual PE Digest

16:34:67:fb:31:59:3a:c7:ef:e1:5a:80:b1:4a:42:2b:d8:51:03:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetConnectA
FtpSetCurrentDirectoryA
InternetOpenA
InternetCloseHandle
FtpPutFileA

kernel32

GetPrivateProfileIntA
InitializeCriticalSectionAndSpinCount
SizeofResource
Sleep
LeaveCriticalSection
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
WritePrivateProfileStringW
FlushInstructionCache
RaiseException
SetThreadLocale
GetLastError
SetLastError
GetThreadLocale
GetProcAddress
EnterCriticalSection
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
DeleteFileA
CreateFileA
ReadFile
CloseHandle
LoadLibraryW
GetPrivateProfileStringA
GetSystemTime
GetModuleFileNameA
GetPrivateProfileStringW
LCMapStringW
WriteConsoleW
SetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetFilePointer
GetConsoleMode
InterlockedIncrement
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
HeapReAlloc
HeapSize
IsProcessorFeaturePresent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleW
GetCurrentProcess
InterlockedDecrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
GetStringTypeW
InterlockedCompareExchange
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
RtlUnwind
GetFileType
SetHandleCount
GetStdHandle
WriteFile
CreateFileW
GetProcessHeap
SetEndOfFile
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
GetCommandLineA
InterlockedPopEntrySList
GetConsoleCP
HeapFree
HeapAlloc
ExitProcess
DecodePointer
EncodePointer

user32

DestroyWindow
GetWindowRect
GetMessageW
PostQuitMessage
UnregisterClassA
LoadImageW
GetParent
GetClientRect
TranslateMessage
IsDialogMessageW
LoadIconW
GetWindowLongW
PeekMessageW
MonitorFromWindow
GetDlgItem
SetWindowLongW
SetWindowPos
ShowWindow
CreateDialogParamW
GetSystemMetrics
SendMessageW
MapWindowPoints
GetMonitorInfoW
DefWindowProcW
GetWindow
DispatchMessageW
CharNextW

gdi32

CreateFontW
GetStockObject
DeleteObject

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoTaskMemRealloc
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize

oleaut32

VarUI4FromStr

shlwapi

PathFindFileNameA
PathRemoveFileSpecW
PathRemoveFileSpecA
PathFileExistsW

comctl32

InitCommonControlsEx

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Funshion.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 484KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FunshionDoctor.exe
.exe windows:5 windows x86 arch:x86

18fa1dd422d30a3c44e8617ead155f18

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14/07/2010, 00:00

Not After

02/08/2012, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

4c:7c:d0:38:74:ba:89:20:48:f9:bc:00:fb:cf:eb:ba:89:84:b7:f4
Signer

Actual PE Digest

4c:7c:d0:38:74:ba:89:20:48:f9:bc:00:fb:cf:eb:ba:89:84:b7:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
GetFileType
SetHandleCount
ReadFile
GetStdHandle
WriteFile
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapCreate
CompareStringW
GetDateFormatA
FindResourceW
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineW
IsDebuggerPresent
SetStdHandle
UnhandledExceptionFilter
GetDateFormatW
GetTimeFormatW
GetSystemTimeAsFileTime
GetCPInfo
CreateThread
ExitThread
RtlUnwind
GetLocaleInfoW
DecodePointer
EncodePointer
InitializeCriticalSection
GetStringTypeW
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
CreateFileW
WriteConsoleW
CreateFileA
SetEndOfFile
SetEnvironmentVariableA
GetTickCount
TerminateThread
lstrlenA
GetPrivateProfileIntA
GetModuleFileNameA
Sleep
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetVersionExW
WideCharToMultiByte
OpenProcess
TerminateProcess
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
CreateEventW
ResumeThread
GlobalAlloc
SetEvent
LoadResource
RaiseException
SizeofResource
MultiByteToWideChar
SetLastError
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
lstrlenW
GetCurrentThreadId
LoadLibraryW
GetProcAddress
InterlockedCompareExchange
WaitForSingleObject
CloseHandle
ResetEvent
CreateMutexW
lstrcpynW
FindResourceExW
LockResource
GetModuleFileNameW
SetUnhandledExceptionFilter
LoadLibraryExW
FreeLibrary
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
GetTimeFormatA

user32

GetClientRect
ShowWindow
GetDlgCtrlID
DrawTextW
BeginPaint
EndPaint
SendMessageW
DefWindowProcW
CallWindowProcW
GetWindowLongW
SetWindowLongW
MoveWindow
BringWindowToTop
CreateDialogParamW
GetActiveWindow
DialogBoxParamW
GetClassInfoW
FindWindowA
FillRect
CopyRect
SetWindowPos
GetUpdateRect
InvalidateRect
GetSysColor
ReleaseDC
GetDC
SetRect
PtInRect
SetRectEmpty
PostMessageW
GetWindowTextW
GetWindowTextLengthW
DestroyWindow
RegisterClassW
CharNextW
GetSystemMetrics
CreateWindowExW
RegisterClassExW
SendDlgItemMessageW
EndDialog
LoadCursorW
GetClassInfoExW
SetScrollInfo
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
EnableWindow
RedrawWindow
IsWindowVisible
SetWindowTextW
MessageBoxW
GetCapture
ReleaseCapture
LoadImageW
GetScrollInfo
GetScrollPos
FindWindowW
SetWindowRgn
GetParent
GetKeyState
GetCursorPos
SetFocus
SetCapture
KillTimer
SetTimer
ScreenToClient
GetWindowRect
UnregisterClassA

gdi32

SetTextColor
Rectangle
SetBkMode
SelectObject
CreateCompatibleDC
SetStretchBltMode
LineTo
MoveToEx
GetStockObject
CreateRoundRectRgn
CreatePatternBrush
StretchBlt
RoundRect
GetObjectW
SetBkColor
SetBrushOrgEx
GetDeviceCaps
BitBlt
DeleteDC
GetCurrentObject
DeleteObject
CreatePen
CreateFontIndirectW
CreateSolidBrush
CreateCompatibleBitmap
TextOutW

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderPathA

ole32

CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize

oleaut32

OleLoadPicture
VarUI4FromStr

shlwapi

PathRemoveArgsW
PathFileExistsA
PathFileExistsW

comctl32

_TrackMouseEvent
ImageList_Draw
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ImageList_GetImageInfo
ImageList_GetImageCount
InitCommonControlsEx

urlmon

UrlMkGetSessionOption

wininet

InternetOpenUrlW
InternetGetConnectedState
InternetOpenA
InternetSetOptionA

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo
GetNetworkParams

psapi

GetProcessMemoryInfo

dnsapi

DnsQuery_A
DnsFree

ws2_32

__WSAFDIsSet
ntohl
htonl
ntohs
socket
htons
select
closesocket
gethostbyname
inet_ntoa
WSACleanup
WSAStartup
inet_addr
send
recv
WSAGetLastError
ioctlsocket
connect

netapi32

Netbios

Sections

.text
Size: 342KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 300KB

.rsrc Size: 32KB - Virtual size: 31KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

e0773e8ad86951a01ab0e4c659e7c2a8

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7Certificate

Extended Key Usages

16:34:67:fb:31:59:3a:c7:ef:e1:5a:80:b1:4a:42:2b:d8:51:03:dbSigner

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 9KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 300KB

.rsrc
Size: 32KB - Virtual size: 31KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

16:34:67:fb:31:59:3a:c7:ef:e1:5a:80:b1:4a:42:2b:d8:51:03:db
Signer

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 484KB - Virtual size: 484KB

.data
Size: 51KB - Virtual size: 93KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 114KB - Virtual size: 113KB

.reloc
Size: 140KB - Virtual size: 139KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

4c:7c:d0:38:74:ba:89:20:48:f9:bc:00:fb:cf:eb:ba:89:84:b7:f4
Signer

.text
Size: 342KB - Virtual size: 341KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 14KB - Virtual size: 23KB

.rsrc
Size: 82KB - Virtual size: 81KB

.reloc
Size: 23KB - Virtual size: 23KB