aabebfa8a57a0e23a01d18d0c40180fd1b0e56f017a41c03d171450171ebafa1

Sharing

Copy URL

Twitter E-mail

General

Target

aabebfa8a57a0e23a01d18d0c40180fd1b0e56f017a41c03d171450171ebafa1
Size

5.0MB
MD5

ec041e239480c65594ed9380da2be0ad
SHA1

9c0eecf6597c98ecfbf69f21b00c8f5610c1099d
SHA256

aabebfa8a57a0e23a01d18d0c40180fd1b0e56f017a41c03d171450171ebafa1
SHA512

52db27d87d67b30064013c3833d4fdbc373a610d32829f814e41a40568fda64c72ce82873490df5dfe305afdb3913e9f92acfaf4f56d88d696effe0cafcacc41
SSDEEP

98304:H9NvpDKPQ/s7AjeQaCBatkFercnu6iYZW918bWNw:H9jDEsjECBatMu6K9Wr

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CareUEyes/App/CareUEyes/CareUEyes.exe
unpack001/CareUEyes/CareUEyesPortable.exe
unpack002/$PLUGINSDIR/MoreInfo.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UAC.dll
unpack002/$PLUGINSDIR/execDos.dll
unpack002/$PLUGINSDIR/newadvsplash.dll
unpack002/$PLUGINSDIR/newtextreplace.dll
unpack002/$PLUGINSDIR/nsExec.dll
unpack002/$PLUGINSDIR/registry.dll

Files

aabebfa8a57a0e23a01d18d0c40180fd1b0e56f017a41c03d171450171ebafa1
.zip
CareUEyes/App/AppInfo/AppIcon.ico
CareUEyes/App/AppInfo/AppInfo.ini
CareUEyes/App/AppInfo/Launcher/CareUEyesPortable.ini
CareUEyes/App/CareUEyes/CareUEyes.exe
.exe windows:5 windows x86 arch:x86

0aa727d406300e6fc0c248d347110c00

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

CareUEyes.pdb

Imports

winmm

timeSetEvent
mciSendStringW
timeKillEvent

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

kernel32

DeleteFileW
GetFileAttributesExW
GetCurrentDirectoryW
MapViewOfFile
GetVolumeInformationW
GetFileAttributesW
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
GetFileInformationByHandle
CreateToolhelp32Snapshot
GetFileSizeEx
FormatMessageW
TryEnterCriticalSection
GetSystemTimeAsFileTime
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetVersionExW
GetSystemInfo
GetSystemDirectoryW
GetTimeZoneInformation
GetUserDefaultLangID
FindFirstChangeNotificationW
FindCloseChangeNotification
WaitForMultipleObjects
FindNextChangeNotification
Process32FirstW
Process32NextW
ResetEvent
OpenFileMappingW
IsBadReadPtr
GetSystemTime
GetCurrentDirectoryA
GetModuleFileNameA
GetVersionExA
HeapCreate
FreeResource
GetFullPathNameW
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
VerifyVersionInfoW
QueryPerformanceCounter
MoveFileExA
CompareFileTime
GetFileType
GetStdHandle
PeekNamedPipe
FormatMessageA
InterlockedDecrement
GetFileSize
WriteFile
UnmapViewOfFile
SuspendThread
lstrlenA
InterlockedIncrement
GlobalAlloc
GetThreadContext
VirtualFree
VirtualAlloc
FlushInstructionCache
VirtualProtect
GetEnvironmentVariableW
GetEnvironmentVariableA
CreateProcessW
ResumeThread
TerminateProcess
FindNextFileW
ReadProcessMemory
LoadLibraryExA
LoadLibraryA
GetComputerNameA
GetLocalTime
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
ReadConsoleA
SetConsoleMode
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetDriveTypeW
SetStdHandle
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
UnhandledExceptionFilter
LocalFree
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStringTypeW
GetExitCodeThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
OutputDebugStringW
IsBadWritePtr
SetLastError
lstrcmpW
GetCurrentThreadId
ExitProcess
GlobalAddAtomA
Sleep
GetTickCount
InterlockedCompareExchange
LoadLibraryW
FindFirstFileW
FindClose
ReadFile
CreateFileW
GlobalLock
CreateFileMappingW
GlobalUnlock
MulDiv
WideCharToMultiByte
OutputDebugStringA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateThread
GetProcAddress
FreeLibrary
GetLastError
GetCurrentProcess
GetCurrentProcessId
GetCommandLineA
GetModuleHandleW
SetUnhandledExceptionFilter
VirtualQuery
GetModuleFileNameW
GetCurrentThread
LoadLibraryExW
GetModuleHandleA
CloseHandle
SetEvent
CreateEventW
WaitForSingleObject
InitializeCriticalSection
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetCommandLineW
SetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
FindResourceW
lstrcmpiW
LockResource
SizeofResource
FindResourceExW
DecodePointer
RaiseException
MultiByteToWideChar
LoadResource

user32

MessageBoxW
GetActiveWindow
IsWindowVisible
GetFocus
GetParent
ShowWindow
SetWindowPos
DestroyWindow
SendMessageW
UnregisterClassW
CharNextW
PtInRect
OffsetRect
ReleaseDC
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindow
MsgWaitForMultipleObjects
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetClassLongW
GetClassLongW
RemovePropW
GetPropW
SetPropW
SetMenuContextHelpId
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenu
AppendMenuW
GetMenuItemCount
DestroyMenu
GetDC
DrawTextW
SystemParametersInfoA
CharLowerBuffW
MapVirtualKeyA
UpdateLayeredWindow
OpenClipboard
DispatchMessageW
FindWindowW
GetWindowRect
MonitorFromRect
PostMessageW
UnhookWinEvent
SetWinEventHook
GetForegroundWindow
GetCursorPos
WindowFromPoint
GetMonitorInfoW
SetActiveWindow
GetUserObjectInformationW
GetProcessWindowStation
DrawIconEx
PostQuitMessage
ClientToScreen
MonitorFromWindow
CopyRect
GetSystemMetrics
BringWindowToTop
SetWindowLongW
SetForegroundWindow
MonitorFromPoint
GetAsyncKeyState
UnregisterHotKey
RegisterHotKey
EnumDisplayMonitors
ScreenToClient
GetWindowLongW
GetClassNameW
GetShellWindow
GetAncestor
GetWindowThreadProcessId
SystemParametersInfoW
AttachThreadInput
LockWorkStation
SetCursor
SetCapture
ReleaseCapture
GetDesktopWindow
CreateWindowExW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MoveWindow
GetClientRect
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
RedrawWindow
SetFocus
GetWindow
IsChild
GetDlgCtrlID
GetDlgItem
GetSysColor
DestroyAcceleratorTable
FillRect
CreateAcceleratorTableW
DefWindowProcW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
CreatePopupMenu
IsMenu
IsWindowEnabled
EnableWindow
LoadImageW
CreateIconFromResource
LoadBitmapW
GetIconInfo
MapWindowPoints
SetCaretPos
HideCaret
GetCaretBlinkTime
CreateCaret
UpdateWindow
GetCapture
AnimateWindow
TrackMouseEvent
PeekMessageW
EnableMenuItem
CallWindowProcW
EqualRect
IsIconic
SetLayeredWindowAttributes
EnumDisplayDevicesW
SetTimer
KillTimer
DestroyIcon
SendMessageA
GetWindowDC
GetWindowRgn
IsZoomed
SetSysColors
DestroyCursor
TranslateMessage
GetMessageW
IsRectEmpty
UnionRect
IntersectRect
InflateRect
SetRect
GetKeyState

gdi32

SetDeviceGammaRamp
GetObjectW
GetStockObject
SetBkMode
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
CreateRectRgn
GetDeviceCaps
EnumFontsW
SetViewportOrgEx
CreateBitmap
CreatePen
SetROP2
CreateHatchBrush
FrameRgn
Rectangle
SetGraphicsMode
CreateRoundRectRgn
ExcludeClipRect
RestoreDC
SelectObject
SaveDC
ExtCreateRegion
GetRegionData
IntersectClipRect
SelectClipRgn
CreateDIBSection
GetCurrentObject
GetViewportOrgEx
CreateFontIndirectW
StretchBlt
GetFontUnicodeRanges
GetGlyphIndicesW
GetTextExtentPointI
AddFontMemResourceEx
RemoveFontMemResourceEx
SetTextColor
SetTextAlign
GetTextMetricsW
SetWorldTransform
ExtTextOutW
GetTextFaceW
GdiFlush
DeleteDC
BitBlt
EnumFontFamiliesExW
GetCharABCWidthsW
GetFontData
GetGlyphOutlineW
GetOutlineTextMetricsW

comdlg32

GetOpenFileNameW
ChooseColorW

advapi32

RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegDeleteKeyW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegNotifyChangeKeyValue
RegQueryValueExW
GetUserNameA
RegDeleteValueW
RegCreateKeyExW
CryptEnumProvidersW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
ord680
ShellExecuteW

ole32

CoTaskMemAlloc
CoCreateInstance
OleUninitialize
CoTaskMemRealloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoTaskMemFree
OleLockRunning
IIDFromString
CoCreateGuid
CreateBindCtx
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize

oleaut32

SysAllocString
VarUI4FromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
SysAllocStringLen
SysStringLen
LoadTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
DispCallFunc
SysFreeString
LoadRegTypeLi
VarUdateFromDate

shlwapi

PathIsDirectoryW
PathFindExtensionW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW
PathQuoteSpacesW
StrToIntExW

gdiplus

GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipImageGetFrameCount
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectI
GdipGraphicsClear
GdipSaveImageToFile
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipBitmapLockBits

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW

dwmapi

DwmGetWindowAttribute

ws2_32

getsockname
getpeername
connect
bind
WSAGetLastError
send
recv
closesocket
getsockopt
htons
ntohs
setsockopt
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
accept
htonl
listen
ioctlsocket
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
shutdown
sendto
gethostname
socket
getnameinfo

iphlpapi

GetAdaptersInfo

imm32

ImmGetContext
ImmReleaseContext
ImmAssociateContext

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore

wldap32

ord208
ord41
ord46
ord145
ord216
ord14
ord117
ord26
ord27
ord127
ord167
ord142
ord79
ord301
ord133
ord147
ord219

usp10

ScriptShape
ScriptItemize
ScriptFreeCache

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 586KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CareUEyes/App/CareUEyes/alert_sound.wav
CareUEyes/App/CareUEyes/config.dat
CareUEyes/App/CareUEyes/wallpaper/1.jpg
.jpg
CareUEyes/App/CareUEyes/wallpaper/2.jpg
.jpg
CareUEyes/App/CareUEyes/wallpaper/3.jpg
.jpg
CareUEyes/App/CareUEyes/wallpaper/4.jpg
.jpg
CareUEyes/App/CareUEyes/wallpaper/5.jpg
.jpg
CareUEyes/App/CareUEyes/wallpaper/6.jpg
.jpg
CareUEyes/App/CareUEyes/wallpaper/7.jpg
.jpg
CareUEyes/App/CareUEyes/wallpaper/8.jpg
.jpg
CareUEyes/App/DefaultData/CareUEyes/setting_v2.dat
CareUEyes/App/DefaultData/settings/CareUEyes.reg
CareUEyes/CareUEyesPortable.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MoreInfo.dll
.dll windows:4 windows x86 arch:x86

149adf074d317fbf0d2f17314bd18969

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

t:\untgz\MoreInfo\SRC\Release\MoreInfo.pdb

Imports

user32

wsprintfW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

lstrlenW
lstrcpyW
lstrcpynW
lstrcatW
GlobalAlloc
GetSystemDirectoryW
GlobalFree

Exports

Exports

GetComments
GetCompanyName
GetFileDescription
GetFileVersion
GetInternalName
GetLegalCopyright
GetLegalTrademarks
GetOSUserinterfaceLanguage
GetOriginalFilename
GetPrivateBuild
GetProductName
GetProductVersion
GetSpecialBuild
GetUserDefined

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

c4a726be6ec458c19b16bf3893cf4bc1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
lstrcmpiW
GetCurrentThreadId
GetProcAddress
GetCommandLineW
UnmapViewOfFile
WaitForSingleObject
GetCurrentProcessId
SetEvent
GetVersionExW
SetCurrentDirectoryW
MapViewOfFile
Sleep
OpenProcess
GetExitCodeProcess
GetExitCodeThread
CreateThread
CreateFileMappingW
CreateEventW
lstrlenW
GlobalAlloc
CreateProcessW
GetLastError
FormatMessageW
LocalFree
GlobalFree
CloseHandle
GetModuleFileNameW
lstrcatW
GetPrivateProfileIntW
GetPrivateProfileStringW
DuplicateHandle
LoadLibraryA

user32

SetWindowsHookExW
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
MsgWaitForMultipleObjects
DefWindowProcW
PostMessageW
SetForegroundWindow
CreateWindowExW
GetWindowThreadProcessId
CallWindowProcW
SetWindowPos
GetWindowRect
UnhookWindowsHookEx
GetClassNameW
CallNextHookEx
CharNextW
DialogBoxParamW
MessageBoxW
EndDialog
SetWindowLongW
LoadImageW
GetWindowLongW
EnableWindow
ShowWindow
wsprintfW
LoadStringW
GetDlgItem
SendMessageW
DestroyWindow

advapi32

GetUserNameW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
LookupPrivilegeValueW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
AdjustTokenPrivileges
OpenProcessToken

shell32

ShellExecuteExW

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/execDos.dll
.dll windows:5 windows x86 arch:x86

a5d239ed12c9442d63c73cb9ff7cad0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
Sleep
lstrcatW
lstrcmpiW
TerminateProcess
ReadFile
GetExitCodeProcess
PeekNamedPipe
CreateFileW
FlushFileBuffers
WriteFile
lstrlenW
CloseHandle
CreateProcessW
DuplicateHandle
GetCurrentProcess
CreatePipe
GetProcAddress
GetModuleHandleW
GlobalAlloc
GetExitCodeThread
WaitForSingleObject
CreateThread
lstrcpyW
lstrcpynW

user32

wsprintfW
GetClassNameW
GetDlgItem
FindWindowExW
SendMessageW

Exports

Exports

exec
isdone
wait

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/newadvsplash.dll
.dll windows:4 windows x86 arch:x86

7efb019e000b6e0291c32d00fe622590

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
CloseHandle
WaitForSingleObject
GetProcAddress
lstrlenW
CreateThread
GetCurrentThreadId
Sleep
lstrcpyW
lstrcmpiW
GlobalAlloc
GlobalFree
lstrcpynW

user32

DefWindowProcW
DestroyWindow
IsWindowVisible
UnregisterClassW
EnumDisplaySettingsW
SendMessageW
wsprintfW
SystemParametersInfoW
EndPaint
SetWindowPos
LoadCursorW
RegisterClassW
CreateWindowExW
IsWindow
GetMessageW
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetWindowLongW
GetClientRect
TranslateMessage
DispatchMessageW
PostMessageW
SetWindowRgn
BeginPaint

gdi32

CombineRgn
GetObjectW
CreateCompatibleDC
SelectObject
GetDIBits
CreateRectRgn
DeleteObject

winmm

timeSetEvent
PlaySoundW
timeKillEvent

oleaut32

OleLoadPicturePath

msvcrt

_lseek
memset
memcmp
_read
memcpy
_wopen
_close
wcstol

Exports

Exports

hwnd
play
show
stop

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 318B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/newtextreplace.dll
.dll windows:4 windows x86 arch:x86

42624ab02b71999959eb0f4168f609bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CloseHandle
CopyFileW
CreateFileW
FindAtomA
GetAtomNameA
GetFileAttributesW
GetFileSize
GlobalAlloc
GlobalFree
MultiByteToWideChar
ReadFile
SetFileAttributesW
SetFilePointer
WideCharToMultiByte
WriteFile
lstrcmpiW
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW

msvcrt

__dllonexit
_assert
_errno
abort
fflush
free
malloc
memset

user32

CharUpperA
wsprintfW

Exports

Exports

_FillReadBuffer
_FindInFile
_FreeReadBuffer
_ReplaceInFile
_Unload

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/registry.dll
.dll windows:4 windows x86 arch:x86

f450890bf454de37198f435d5832e67d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
lstrcpyW
FindClose
FindFirstFileW
lstrcmpW
GetFileSize
SetFilePointer
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
WriteFile
CloseHandle
lstrlenW
lstrcpynW
lstrcmpiW
lstrcatW
GlobalAlloc
ReadFile
GlobalFree

user32

wsprintfW
CharUpperW
SendMessageW
FindWindowExW
GetDlgItem

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumValueW
RegDeleteValueW
RegQueryValueExW
RegCloseKey

Exports

Exports

_Close
_CopyKey
_CopyValue
_CreateKey
_DeleteKey
_DeleteKeyEmpty
_DeleteValue
_Find
_HexToStr
_HexToStrUTF16LE
_KeyExists
_MoveKey
_MoveValue
_Open
_Read
_ReadExtra
_RestoreKey
_SaveKey
_StrToHex
_StrToHexUTF16LE
_Unload
_Write
_WriteExtra

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CareUEyes/desktop.ini

Sharing

General

Malware Config

Signatures

Files

0aa727d406300e6fc0c248d347110c00

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

wtsapi32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

version

dwmapi

ws2_32

iphlpapi

imm32

crypt32

wldap32

usp10

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 92KB - Virtual size: 197KB

.rsrc Size: 586KB - Virtual size: 588KB

.reloc Size: 227KB - Virtual size: 227KB

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 1.3MB

.rsrc Size: 23KB - Virtual size: 24KB

.reloc Size: 4KB - Virtual size: 3KB

149adf074d317fbf0d2f17314bd18969

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

version

kernel32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 44B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 188B

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 92KB - Virtual size: 197KB

.rsrc
Size: 586KB - Virtual size: 588KB

.reloc
Size: 227KB - Virtual size: 227KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 1.3MB

.rsrc
Size: 23KB - Virtual size: 24KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 44B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 188B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 892B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 20B

.reloc
Size: 512B - Virtual size: 334B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 318B

.reloc
Size: 1024B - Virtual size: 596B

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 36B

.rdata
Size: 512B - Virtual size: 360B

.bss
Size: - Virtual size: 8KB