SetupAnx_10[.]01_[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SetupAnx_10.01_.exe
Size

8.0MB
MD5

2e3574b7f42765f0c184ab5dcf7f2a81
SHA1

65ba15eb78c3c58e82c0c8b46e16265933d91e16
SHA256

2cd03ebc9e76a32455d2b426cc3e7747cc80fb0f1ada1268c581b12dfdf5e4f2
SHA512

7f04826e6394b15a20b5ccf028263c7971ed5dc89fcdc8ed0c41646f85b530dff0dd3ddbf85ec0fb68928fc1f581e65f57d085bf5866ee01255aad48c9590931
SSDEEP

196608:J4SZuUaA4fwSsBm8jH3x8Af9WvaHE6gDUcdKka8on6CATNx:tZUtsBNrx8+9a4c9a8o6Cmx

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
SetupAnx_10.01_.exe
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/Uninstall_bass.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack001/VFP6R.DLL
unpack001/anexe.exe
unpack001/vfp6renu.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/Uninstall_bass.exe	nsis_installer_1
static1/unpack001/Uninstall_bass.exe	nsis_installer_2

Files

SetupAnx_10.01_.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Finish.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/btmimg.bmp
$PLUGINSDIR/header.bmp
$PLUGINSDIR/isWelcome.ini
$PLUGINSDIR/leftimg.bmp
A11_A12.INI
Uninstall_bass.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Finish.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/btmimg.bmp
$PLUGINSDIR/header.bmp
$PLUGINSDIR/isWelcome.ini
$PLUGINSDIR/leftimg.bmp
VFP6R.DLL
.dll regsvr32 windows:4 windows x86 arch:x86

b07da0874b1f490093ddaa145e84d116

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetShortPathNameA
GetStringTypeExA
SizeofResource
InterlockedExchange
GetComputerNameA
CreateProcessA
GetUserDefaultLangID
GlobalFlags
GetSystemInfo
GlobalReAlloc
GetSystemDirectoryA
IsBadCodePtr
HeapCreate
GlobalMemoryStatus
VirtualAlloc
VirtualFree
SetProcessWorkingSetSize
HeapReAlloc
HeapFree
HeapAlloc
HeapSize
GetDateFormatA
GetTimeFormatA
GetProfileIntA
lstrcatA
HeapDestroy
WaitForSingleObject
lstrcmpiA
GlobalCompact
FindResourceA
LoadResource
LockResource
lstrlenA
_lopen
_lread
_lclose
FormatMessageA
WideCharToMultiByte
LCMapStringA
GetSystemDefaultLCID
IsDBCSLeadByte
GlobalAlloc
GetSystemDefaultLangID
GlobalFree
GetFileSize
MoveFileA
DeleteFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
FindNextFileA
GetLogicalDrives
GetVolumeInformationA
GetDiskFreeSpaceA
SystemTimeToFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
FileTimeToDosDateTime
EnterCriticalSection
FindFirstFileA
UnlockFile
GetFileTime
SetErrorMode
LocalFree
Sleep
WinExec
GetModuleFileNameA
MulDiv
LockFile
GetCurrentProcess
DuplicateHandle
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
CloseHandle
GetFileAttributesA
CreateFileA
GetLastError
GetDriveTypeA
RaiseException
IsValidLocale
GetProfileStringA
GetOEMCP
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTickCount
GetFullPathNameA
GlobalSize
GlobalLock
GlobalUnlock
SearchPathA
GetModuleHandleA
InterlockedIncrement
GetLocaleInfoA
GetCurrentProcessId
MultiByteToWideChar
InitializeCriticalSection
lstrlenW
lstrcpyA
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
FindClose
CopyFileA
SetFileAttributesA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCPInfo
GetSystemTime
QueryPerformanceFrequency
GetACP
GetVersionExA
GetLocalTime
IsBadReadPtr
InterlockedDecrement

user32

GetSystemMetrics
InsertMenuItemA
BringWindowToTop
DefWindowProcA
SendMessageA
EndPaint
SetFocus
EnableWindow
MessageBoxA
DestroyMenu
DestroyWindow
ShowWindow
SetClassLongA
GetClassLongA
UpdateWindow
GetWindowLongA
MoveWindow
PostMessageA
GetMenuItemInfoA
GetMenuItemCount
RemoveMenu
ReleaseDC
GetDC
TranslateMessage
GetQueueStatus
SetTimer
PeekMessageA
KillTimer
OffsetRect
GetDesktopWindow
DrawFocusRect
SetClipboardViewer
ChangeClipboardChain
CreateWindowExA
AdjustWindowRect
LoadImageA
ReleaseCapture
SetCapture
GetClassInfoA
RedrawWindow
UnregisterClassA
SetWindowLongA
LoadStringA
FillRect
FrameRect
InflateRect
DrawTextA
SetRectEmpty
CopyRect
PostQuitMessage
GetMenu
ClipCursor
GetClipboardFormatNameA
GetKeyboardLayout
RegisterClipboardFormatA
GetCapture
GetAsyncKeyState
ValidateRect
OemToCharBuffA
InSendMessage
CharPrevA
CharNextA
GetKeyboardType
CharToOemBuffA
ShowCursor
GetActiveWindow
GetFocus
GetCursorPos
GetKeyState
CharUpperBuffA
CharLowerBuffA
DialogBoxParamA
CheckRadioButton
CreateIcon
DestroyCursor
ClientToScreen
RegisterClassA
LoadCursorA
IsWindowVisible
IsIconic
GetSubMenu
IsWindow
SetParent
IsDlgButtonChecked
CheckDlgButton
InvalidateRect
GetWindow
DestroyIcon
DrawIcon
LoadAcceleratorsA
CopyAcceleratorTableA
CreateAcceleratorTableA
DestroyAcceleratorTable
IsChild
SetClipboardData
GetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
FindWindowA
GetWindowThreadProcessId
SetCursorPos
GetCursor
keybd_event
MessageBeep
MapVirtualKeyA
GetKeyboardState
SetKeyboardState
CharToOemA
WinHelpA
SetCursor
SetRect
EndDialog
CallWindowProcA
GetClassInfoExA
RegisterClassExA
GetWindowTextA
GetDlgItem
SendDlgItemMessageA
SetWindowTextA
SetForegroundWindow
SetActiveWindow
GetSysColorBrush
DrawIconEx
AppendMenuA
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetScrollInfo
SetScrollInfo
ShowScrollBar
IsZoomed
AdjustWindowRectEx
GetMenuStringA
GetMenuItemID
CreateMDIWindowA
LoadIconA
ShowCaret
SetCaretPos
HideCaret
DestroyCaret
ScrollDC
InvalidateRgn
RegisterWindowMessageA
DrawFrameControl
EnableMenuItem
InsertMenuA
ModifyMenuA
SetMenu
SetMenuItemInfoA
SystemParametersInfoA
GetSystemMenu
DeleteMenu
LoadMenuIndirectA
CreatePopupMenu
DrawMenuBar
GrayStringA
GetWindowDC
SubtractRect
GetDCEx
WindowFromPoint
GetClassNameA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
DispatchMessageA
GetMessageA
DdeAbandonTransaction
DdeUninitialize
DdeInitializeA
DdePostAdvise
DdeClientTransaction
DdeDisconnect
DdeConnect
DdeAccessData
DdeUnaccessData
DdeFreeDataHandle
DdeEnableCallback
DdeGetLastError
UnionRect
LoadCursorFromFileA
CreateCursor
SetWindowPos
DdeNameService
DdeFreeStringHandle
DdeCreateDataHandle
DdeCreateStringHandleA
DdeQueryStringA
GetSysColor
IsClipboardFormatAvailable
CreateCaret
GetClientRect
ScreenToClient
GetWindowRect
GetParent
SetWindowRgn
EqualRect
IntersectRect
wsprintfA
CreateMenu
PtInRect
SetDlgItemTextA
LoadBitmapA
GetUpdateRect
BeginPaint
ActivateKeyboardLayout

gdi32

SetBrushOrgEx
DeleteMetaFile
CloseMetaFile
GetDIBits
StretchDIBits
GetClipBox
CreateRectRgnIndirect
EnumFontsA
GetDeviceCaps
SetBkColor
SetTextColor
Rectangle
GetBkColor
GetTextColor
GetStockObject
SelectObject
PatBlt
DeleteObject
GetObjectA
CreateHalftonePalette
DeleteDC
CreatePalette
GetDIBColorTable
CreateCompatibleDC
RealizePalette
SelectPalette
SetBkMode
GetBkMode
CreateFontIndirectA
BitBlt
RoundRect
Ellipse
CreateRoundRectRgn
CreateEllipticRgnIndirect
FillRgn
CombineRgn
LineTo
MoveToEx
CreatePen
CreateSolidBrush
SetROP2
GetROP2
GetDCOrgEx
LPtoDP
UnrealizeObject
PaintRgn
CreateRectRgn
CreatePatternBrush
CreateBitmap
GetRgnBox
RectInRegion
FrameRgn
Polyline
GetPixel
EnumFontFamiliesExA
AddFontResourceA
GetTextMetricsA
RemoveFontResourceA
SetTextAlign
GetTextAlign
CopyMetaFileA
CreateHatchBrush
SelectClipRgn
SetRectRgn
ExtTextOutA
GetTextExtentPointA
GdiFlush
OffsetRgn
SetBitmapBits
AbortDoc
EndDoc
StartDocA
EndPage
StartPage
CreateICA
Escape
EnumFontFamiliesA
GetBitmapBits
CreateCompatibleBitmap
CreateBrushIndirect
SetDIBits
CreateDIBitmap
SetViewportExtEx
CreateDCA
SetMapMode
SetViewportOrgEx
CreateMetaFileA
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
SetStretchBltMode
StretchBlt

winspool.drv

ClosePrinter
WritePrinter
DocumentPropertiesA
GetPrinterA
EnumPrintersA
EndDocPrinter
StartDocPrinterA
OpenPrinterA

comdlg32

ChooseColorA
ChooseFontA
CommDlgExtendedError
PrintDlgA
GetOpenFileNameA
GetSaveFileNameA

comctl32

ImageList_Add
ImageList_DragMove
ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag

advapi32

RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegEnumKeyA
RegSetValueA
RegOpenKeyW
RegQueryValueA
RegCreateKeyA
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegOpenKeyA

shell32

ShellExecuteA
SHFileOperationA
SHAppBarMessage
DragQueryFileA

msvcrt

_mbschr
_mbsrchr
_mbsstr
_mbscspn
_mbsnbcpy
_mbsnbicmp
_mbsnbcat
_stricmp
_strnicmp
strchr
strrchr
strstr
strncpy
strncat
strcspn
_winmajor
_winminor
strtok
atoi
atof
_HUGE
toupper
ceil
floor
sqrt
_itoa
__mb_cur_max
_isctype
_pctype
memcmp
abs
memmove
strcmp
_ftol
strcat
memset
wcslen
wcsncpy
_wcsicmp
_purecall
strcpy
exit
longjmp
_seh_longjmp_unwind
_except_handler3
strlen
_control87
_setjmp3
memchr
atol
strncmp
_mbsicmp
_makepath
_splitpath
sin
cos
acos
asin
atan
tan
atan2
pow
exp
log10
log
getenv
_rmdir
_mkdir
_setmode
_isatty
fabs
modf
ldexp
sscanf
_ultoa
iswctype
strtoul
div
isspace
wcschr
wcscat
wcscpy
_strupr
strspn
ldiv
_strrev
_access
__CxxFrameHandler
_CxxThrowException
isalnum
sprintf
fprintf
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
_iob
__dllonexit
_onexit
free
malloc

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mpr

WNetOpenEnumA
WNetCloseEnum
WNetEnumResourceA
WNetAddConnection2A
WNetGetUserA
WNetCancelConnection2A
WNetGetConnectionA

oleaut32

SafeArrayCreate
SafeArrayUnaccessData
VariantCopy
LoadRegTypeLi
CreateErrorInfo
SysAllocString
SetErrorInfo
SysStringLen
SysAllocStringLen
SysFreeString
LoadTypeLi
VariantInit
VariantClear
VariantCopyInd
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayGetUBound
GetActiveObject
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayPutElement
OleCreatePropertyFrame
SafeArrayAccessData
DispCallFunc
GetErrorInfo
OleCreatePictureIndirect
OleLoadPicture
RevokeActiveObject
VariantChangeType

ole32

OleRegGetUserType
OleRegGetMiscStatus
CoCreateInstance
StringFromGUID2
OleRegEnumVerbs
CreateDataAdviseHolder
CLSIDFromProgID
CoLockObjectExternal
CLSIDFromString
CoRegisterClassObject
CoUninitialize
CoInitialize
ReleaseStgMedium
CoRevokeClassObject
CoGetMalloc
OleCreateMenuDescriptor
DoDragDrop
RegisterDragDrop
RevokeDragDrop
OleDuplicateData
OleGetClipboard
CoTaskMemFree
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleBuildVersion
OleUninitialize
WriteClassStm
OleSaveToStream
CoDisconnectObject
StgCreateDocfile
OleInitialize
StgIsStorageFile
ProgIDFromCLSID
CreateOleAdviseHolder
OleDestroyMenuDescriptor
StgOpenStorage
OleFlushClipboard
OleIsCurrentClipboard
OleIsRunning
BindMoniker
MkParseDisplayName
CreateBindCtx
OleSave
WriteClassStg
OleDraw
OleLoad
CreateFileMoniker
ReadClassStg
OleConvertOLESTREAMToIStorage
OleCreate
OleCreateFromFile
OleCreateLinkToFile
CoIsOle1Class
OleCreateLinkFromData
OleCreateFromData
OleCreateStaticFromData
OleSetContainedObject
OleConvertIStorageToOLESTREAM
OleQueryLinkFromData
OleRun
IsAccelerator
OleSetMenuDescriptor
CreateGenericComposite
CreateItemMoniker
OleSetClipboard
CoGetClassObject
OleDoAutoConvert
ReadClassStm
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleGetIconOfClass
StgOpenStorageOnILockBytes
GetHGlobalFromILockBytes
GetClassFile
OleQueryCreateFromData
StringFromCLSID

winmm

PlaySoundA
timeGetTime

Exports

Exports

@OCXAPIInit@4
DllCanUnloadNow
DllGetClassObject
DllOleInit
DllRegisterServer
DllUnregisterServer
DllWinMain
VFPDllCanUnloadNow
VFPDllGetClassObject

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
anexe.chm
.chm
anexe.exe
.exe windows:4 windows x86 arch:x86

208bd77ce42c2f2815c3279bdb7a44d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__set_app_type
__p__fmode
_adjust_fdiv
_controlfp
_access
__p__commode
__setusermatherr
_initterm
__getmainargs
__p__acmdln
exit
_XcptFilter
_exit
_mbschr
strtok
_mbsicmp
_mbsrchr
_mbsncpy
_pctype
_isctype
__mb_cur_max
_except_handler3

kernel32

GetStartupInfoA
GetModuleHandleA
_llseek
_lread
_lopen
_lclose
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GetCurrentDirectoryA
GetSystemDirectoryA
lstrcatA
lstrcpyA

user32

wsprintfA
MessageBoxA
LoadStringA

advapi32

RegQueryValueA
RegOpenKeyA
RegCloseKey

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vfp6renu.dll
.dll windows:4 windows x86 arch:x86

105a34c3b3ecaf6803be201e74c83cf4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

LoadStringA
MessageBoxA

kernel32

DisableThreadLibraryCalls

Exports

Exports

DllVersion

Sections

.text
Size: 512B - Virtual size: 125B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 266B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 853KB - Virtual size: 852KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 30KB - Virtual size: 30KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 30KB - Virtual size: 30KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 30KB - Virtual size: 30KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 30KB - Virtual size: 30KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 87KB - Virtual size: 96KB

.rsrc
Size: 39KB - Virtual size: 38KB

.reloc
Size: 89KB - Virtual size: 88KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 512B - Virtual size: 125B

.rdata
Size: 512B - Virtual size: 266B

.data
Size: - Virtual size: 4B

.rsrc
Size: 853KB - Virtual size: 852KB

.reloc
Size: 512B - Virtual size: 96B