clop | Cl0pRansomware[.]7z

Resubmissions

29/03/2025, 11:32

250329-nnrclssvdv 10

29/03/2025, 10:50

250329-mxc1xa1zex 10

Sharing

Copy URL

Twitter E-mail

General

Target

Cl0pRansomware.7z
Size

5.2MB
MD5

8bdbdf89f41e42e658a4c849aaa2f3b0
SHA1

23614a30b1216592e26aeeb8b171454788e07567
SHA256

3c40ecf9dbc3d4ca1e3afa06cd9a9cfd22041cca117a4d767afc03dececc59a0
SHA512

c88a5d12f7856df4dd7a7cd171f966e49b388217a91b7beb29f7f6403cab1fe9a72efbeef579e6e94f164d4cc2d66f28d2d848b10bf447b85d2d6d0b89db4324
SSDEEP

98304:VvdpQqz2yi2bDNdeWH4Gny4PfQOOv5d6hYqOFcWgP64tdcYBu/Q5UDyA1dvj6ugB:Vv7Q824PNdd5XHub/GWotSYu/OA1dv2t

Score

10^/10

clop

Malware Config

Extracted

Family

clop

Ransom Note

___ Universidad de La Salle ___ === DO NOT ATTEMPT TO RESTORE OR MOVE THE FILES YOURSELF. THIS MAY DESTROY THEM === Here are some of the files we downloaded from your network: \\172.19.20.216\C$\Users\ruthrodriguezez \\172.19.0.25\Secretaria General Docs \\172.19.15.59\C$\Users\sarangel If you refuse to cooperate, all data will be published for free download on our portal: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/ -> TOR browser CONTACT US BY EMAIL-> [email protected] or [email protected] OR WRITE TO THE CHAT AT-> http://6v4q5w7di74grj2vtmikzgx2tnq5eagyg2cubpcnqrvvee2ijpmprzqd.onion/remote0/93868e77-1331-411a-9643-dc9ad26a5095?secret=lasalle (use TOR browser)

Signatures

Clop family
clop

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/46cd508b7e77bb2c1d47f7fef0042a13c516f8163f9373ef9dfac180131c65ed
unpack003/c793a9225d799150538f058c886e2806083f6bc33813a3bd8231ab2775b7ec2f
unpack004/dd2f458a29b666bbfe5a5dbf6a36c906d0140e0ae15b599e8b4da1863e7e41ff

Files

Cl0pRansomware.7z
.zip
46cd508b7e77bb2c1d47f7fef0042a13c516f8163f9373ef9dfac180131c65ed.7z
.7z

Password: infected
46cd508b7e77bb2c1d47f7fef0042a13c516f8163f9373ef9dfac180131c65ed
.exe windows:6 windows x86 arch:x86

d8b6baf12a07141de229c7d33c80f943

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryInformationJobObject
CreateActCtxW
GetOEMCP
SearchPathW
GetFileAttributesExA
WritePrivateProfileStringW
EraseTape
GetConsoleAliasesW
FindFirstVolumeW
GetSystemDefaultLCID
GetGeoInfoA
HeapFree
SetPriorityClass
GetCommandLineW
GetFullPathNameW
GetCurrentProcess
GetConsoleOutputCP
lstrlenW
GetThreadErrorMode
ScrollConsoleScreenBufferA
GetSystemDefaultUILanguage
UnregisterWait
GetStringTypeExW
TerminateProcess
WakeAllConditionVariable
GetUserDefaultLangID
GetModuleFileNameW
GetSystemTimes
RequestWakeupLatency
GetConsoleCP
GetThreadLocale
GlobalUnWire
GetProcessId
GetUserDefaultUILanguage
LockFile
InitializeCriticalSectionAndSpinCount
DeleteAtom
EnumCalendarInfoA
InitOnceInitialize
GetSystemPowerStatus
FlushProcessWriteBuffers
PeekConsoleInputA
FindActCtxSectionStringW
GetLargePageMinimum
GetFileAttributesTransactedA
lstrlenA
CreateMutexA
GetCurrentThreadId
OpenJobObjectW
GetVersionExW
UnregisterApplicationRecoveryCallback
IsSystemResumeAutomatic
HeapWalk
GlobalDeleteAtom
HeapValidate
GetSystemDefaultLangID
GetACP
RtlCaptureStackBackTrace
OpenProcess
GetVersion
GetCommandLineA
CreateToolhelp32Snapshot
CreateEventW
ProcessIdToSessionId
Sleep
GetTickCount64
BuildCommDCBW
VerifyScripts
GetCurrencyFormatEx
ChangeTimerQueueTimer
GetFileAttributesExW
Process32NextW
GetMaximumProcessorGroupCount
GetStringTypeExA
GetThreadUILanguage
GetUserDefaultLCID
SetEvent
GetCurrentThread
GetActiveProcessorGroupCount
LoadLibraryA
WriteProfileStringA
TlsAlloc
DeleteFileA
GetSystemDEPPolicy
Process32FirstW
MoveFileTransactedW
GetLogicalDrives
AddConsoleAliasA
CreateThreadpoolCleanupGroup
GetNativeSystemInfo
RaiseException
CloseHandle
ReadFileEx
IsDBCSLeadByte
HeapAlloc
Wow64SuspendThread
FatalAppExitW
GetCurrentDirectoryW
UpdateResourceW
GetLogicalDriveStringsA
SwitchToThread
IsThreadAFiber
GetCurrentProcessorNumber
GetThreadContext
InitAtomTable
GetWindowsDirectoryW
PeekConsoleInputW
GetErrorMode
UnregisterApplicationRestart
DebugActiveProcess
GetTimeFormatW
SetFileApisToOEM
WTSGetActiveConsoleSessionId
ExitProcess
GetPrivateProfileStructA
FindFirstStreamW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
GetLongPathNameA
GetConsoleWindow
CreateEventExA
SystemTimeToTzSpecificLocalTime
QueryFullProcessImageNameW
ReadConsoleOutputCharacterW
CommConfigDialogW
ConvertFiberToThread
GetFileType
DeleteTimerQueueTimer
SetFileApisToANSI
FormatMessageA
lstrcmpiW
BackupSeek
GetNLSVersion
HeapUnlock
GetDateFormatW
GetEnvironmentStringsW
CreateFiberEx
GetConsoleAliasExesLengthA
CreateFiber
GetDriveTypeW
InterlockedPopEntrySList
IsDebuggerPresent
CreateTimerQueue
SizeofResource
LockResource
LoadResource
FindResourceW
WriteConsoleW
SetFilePointerEx
ReadConsoleW
SetEndOfFile
GetConsoleMode
FlushFileBuffers
HeapReAlloc
HeapSize
LCMapStringW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetCPInfo
IsValidCodePage
FindFirstFileExW
GetConsoleAliasExesLengthW
RemoveDirectoryTransactedW
GetNamedPipeClientComputerNameA
AreFileApisANSI
CopyFileExA
GlobalUnlock
GetTickCount
MapViewOfFile
CreateFileMappingW
lstrcpyW
GlobalLock
EnumSystemCodePagesA
CreateThread
GlobalFree
lstrcpyA
GlobalAlloc
lstrcatW
GetLastError
SetFileAttributesW
ExitThread
UnmapViewOfFile
CreateFileW
WaitForSingleObject
FindClose
SetFilePointer
SetErrorMode
VirtualAlloc
WriteFile
FindNextFileW
GetModuleHandleExW
WideCharToMultiByte
MultiByteToWideChar
GetStdHandle
LoadLibraryExW
GetProcAddress
VirtualFree
FindFirstFileW
FreeConsole
ReadFile
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer

user32

wsprintfW
InvalidateRect
GetDesktopWindow
CharUpperBuffW
AppendMenuW
CharUpperW
DestroyCursor
GetClipboardData
DeferWindowPos
DefWindowProcW
OpenIcon
GetFocus
GetClipboardOwner
GetWindowTextLengthW
GetActiveWindow
GetClassInfoW
BeginDeferWindowPos
GetScrollRange
CloseClipboard
CharUpperBuffA
GetSysColor
GetForegroundWindow
DefMDIChildProcW
LoadBitmapW

gdi32

CloseMetaFile
CreateDCW
CreateRectRgnIndirect
TextOutW
PolyPolygon
CreateDiscardableBitmap
Polygon
SetBkColor
Ellipse
DeleteMetaFile
UnrealizeObject
Pie

advapi32

RegLoadMUIStringW
GetTokenInformation
LookupAccountSidW
RegDisablePredefinedCacheEx
RevertToSelf
CryptAcquireContextW
SetServiceStatus
RegisterServiceCtrlHandlerW
CryptEncrypt
OpenProcessToken
CreateProcessAsUserW
StartServiceCtrlDispatcherW
RegDeleteValueA
DuplicateTokenEx
OpenThreadToken

shell32

SHGetSpecialFolderPathW

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

shlwapi

StrStrW
PathFindFileNameW

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx
CryptImportPublicKeyInfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQuerySessionInformationW
WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

rstrtmgr

RmGetList
RmStartSession
RmShutdown
RmEndSession
RmRestart
RmRegisterResources

Sections

.text
Size: 534KB - Virtual size: 534KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c793a9225d799150538f058c886e2806083f6bc33813a3bd8231ab2775b7ec2f.7z
.7z

Password: infected
c793a9225d799150538f058c886e2806083f6bc33813a3bd8231ab2775b7ec2f
.exe windows:6 windows x86 arch:x86

dbb863249b9b19b41bddfe6e27b3cdcf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileInformationByHandleEx
GetFileAttributesExA
CreateThreadpool
WaitNamedPipeA
EraseTape
GetSystemDefaultLCID
CreateNamedPipeA
HeapFree
SetPriorityClass
GetCommandLineW
GetLongPathNameW
GetCurrentProcess
GetConsoleOutputCP
lstrlenW
GetThreadErrorMode
WriteConsoleA
GetSystemDefaultUILanguage
GetPrivateProfileIntW
TerminateProcess
GetUserDefaultLangID
GetModuleFileNameW
GetSystemTimes
GetConsoleCP
GetThreadLocale
VirtualAllocExNuma
GetProcessId
SignalObjectAndWait
DeleteTimerQueueEx
GetUserDefaultUILanguage
CompareStringOrdinal
LeaveCriticalSection
AllocateUserPhysicalPages
EnumUILanguagesW
FlushProcessWriteBuffers
GetDllDirectoryA
FatalExit
OpenFile
GetLargePageMinimum
GetConsoleScreenBufferInfoEx
lstrlenA
GetEnvironmentVariableA
CreateMutexA
GetLongPathNameTransactedA
LocalAlloc
GetNumberFormatEx
GetCurrentThreadId
_hwrite
UnregisterApplicationRecoveryCallback
CancelThreadpoolIo
SuspendThread
IsSystemResumeAutomatic
GlobalDeleteAtom
lstrcatA
GetSystemDefaultLangID
GetACP
RtlCaptureStackBackTrace
OpenProcess
GetVersion
GetCommandLineA
CreateToolhelp32Snapshot
CreateEventW
Sleep
FormatMessageW
GetTimeZoneInformation
GetTickCount64
VerifyScripts
LCMapStringEx
OpenWaitableTimerW
CreateFileTransactedW
Process32NextW
GetConsoleDisplayMode
OutputDebugStringW
GetMaximumProcessorGroupCount
EncodeSystemPointer
GetStringTypeExA
EnumCalendarInfoExA
GetThreadUILanguage
GetUserDefaultLCID
ReadConsoleInputA
SetEvent
GetCurrentThread
AcquireSRWLockExclusive
GetActiveProcessorGroupCount
LoadLibraryA
TlsAlloc
GetVersionExA
EnumResourceNamesExW
DeleteFileW
GetSystemDEPPolicy
Process32FirstW
CreateDirectoryTransactedA
FindNLSStringEx
RaiseException
FreeConsole
lstrcpyW
GetWindowsDirectoryA
FindResourceW
GlobalFindAtomW
EnumDateFormatsA
HeapAlloc
FileTimeToLocalFileTime
GetDefaultCommConfigW
GetUserGeoID
SwitchToThread
FindNextChangeNotification
GetNamedPipeClientSessionId
IsThreadAFiber
LocalSize
GetCurrentProcessorNumber
GetErrorMode
UnregisterApplicationRestart
VirtualAllocEx
LocalFree
MoveFileExW
SetFileApisToOEM
WTSGetActiveConsoleSessionId
ExitProcess
FindNextVolumeA
GetPrivateProfileStructA
GetCurrentProcessId
UnhandledExceptionFilter
GetProcessHeap
GlobalMemoryStatusEx
GetModuleHandleW
FreeLibrary
IsValidLanguageGroup
GetConsoleWindow
SleepConditionVariableSRW
GlobalWire
GetThreadTimes
LocalReAlloc
ConvertFiberToThread
AddAtomW
TlsFree
SetFileApisToANSI
CopyFileExW
CreateSemaphoreA
GetTapeStatus
lstrcmpiW
GetPrivateProfileStringA
GetEnvironmentStringsW
WaitNamedPipeW
GetCurrencyFormatA
_lcreat
lstrcmpW
GetConsoleAliasExesLengthA
GetDriveTypeW
GlobalReAlloc
IsDebuggerPresent
CreateTimerQueue
CreateThreadpoolWork
SizeofResource
LockResource
LoadResource
WriteConsoleW
SetFilePointerEx
ReadConsoleW
SetEndOfFile
GetConsoleMode
FlushFileBuffers
HeapReAlloc
HeapSize
LCMapStringW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetCPInfo
IsValidCodePage
FindFirstFileExW
GetOEMCP
GetLogicalDrives
GetConsoleAliasExesLengthW
InitializeSRWLock
FillConsoleOutputCharacterA
SleepConditionVariableCS
AreFileApisANSI
GlobalUnlock
GetTickCount
MapViewOfFile
CreateThreadpoolCleanupGroup
CreateFileMappingW
GlobalLock
CreateThread
CloseHandle
GlobalFree
lstrcpyA
GlobalAlloc
lstrcatW
GetLastError
SetFileAttributesW
ExitThread
UnmapViewOfFile
CreateFileW
WaitForSingleObject
FindClose
SetFilePointer
SetErrorMode
VirtualAlloc
WriteFile
FindNextFileW
GetFileType
GetModuleHandleExW
WideCharToMultiByte
MultiByteToWideChar
GetStdHandle
LoadLibraryExW
VirtualFree
FindFirstFileW
GetThreadIOPendingFlag
ReadFile
GetProcAddress
TlsSetValue
TlsGetValue
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
DecodePointer

user32

wsprintfW
GetWindowTextW
InvalidateRect
EnableMenuItem
GetDesktopWindow
CharUpperW
EqualRect
CharUpperBuffW
DefWindowProcW
GetSystemMenu
LoadMenuW
MapVirtualKeyW
GetFocus
CharLowerBuffA
GetClipboardViewer
GetPriorityClipboardFormat
GetActiveWindow
VkKeyScanW
GetScrollRange
CloseClipboard
IsChild
GetForegroundWindow
DestroyMenu
IsRectEmpty
IsClipboardFormatAvailable

gdi32

RectVisible
FrameRgn
GetTextFaceW
CreateDIBitmap
GetStockObject
CreateRoundRectRgn
CreatePolygonRgn
CreatePatternBrush
CreateRectRgn
SetBkColor
CreateCompatibleDC

advapi32

RegisterServiceCtrlHandlerW
GetTokenInformation
LookupAccountSidW
RegDisablePredefinedCacheEx
RevertToSelf
RegDeleteKeyExW
RegOpenCurrentUser
CryptAcquireContextW
SetServiceStatus
RegCreateKeyExA
CryptEncrypt
OpenProcessToken
RegUnLoadKeyW
RegGetValueW
CreateProcessAsUserW
StartServiceCtrlDispatcherW
DuplicateTokenEx
OpenThreadToken

shell32

SHGetSpecialFolderPathW

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

shlwapi

StrStrW
PathFindFileNameW

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx
CryptImportPublicKeyInfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQuerySessionInformationW
WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

rstrtmgr

RmGetList
RmStartSession
RmShutdown
RmEndSession
RmRestart
RmRegisterResources

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 479KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dd2f458a29b666bbfe5a5dbf6a36c906d0140e0ae15b599e8b4da1863e7e41ff.7z
.7z

Password: infected
dd2f458a29b666bbfe5a5dbf6a36c906d0140e0ae15b599e8b4da1863e7e41ff
.exe windows:6 windows x86 arch:x86

b1ee5d11ebf0f5a83cd3df3f1fb65ee0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EraseTape
GetSystemDefaultLCID
GlobalCompact
HeapFree
SetPriorityClass
GetCommandLineW
IsDBCSLeadByteEx
GetCurrentProcess
GetConsoleOutputCP
lstrlenW
GetThreadErrorMode
GetCPInfo
GetSystemDefaultUILanguage
TerminateProcess
GetProfileIntW
GetProcessAffinityMask
GetUserDefaultLangID
GetModuleFileNameW
GetSystemTimes
GetConsoleCP
GetThreadLocale
GetProcessId
DeleteTimerQueueEx
GetUserDefaultUILanguage
GetConsoleAliasW
FindFirstFileTransactedW
FlushProcessWriteBuffers
GetWriteWatch
GetLargePageMinimum
lstrlenA
CreateMutexA
GetCurrentThreadId
UnregisterApplicationRecoveryCallback
IsSystemResumeAutomatic
GlobalDeleteAtom
GetSystemDefaultLangID
GetACP
GlobalAddAtomW
OpenProcess
GetVersion
_llseek
GetCommandLineA
IsValidCodePage
CreateToolhelp32Snapshot
CreateEventW
Sleep
GetConsoleMode
EnumUILanguagesA
GetTickCount64
BuildCommDCBW
GetCurrencyFormatEx
GetFileAttributesExW
RemoveDirectoryTransactedA
Process32NextW
GetMaximumProcessorGroupCount
GetThreadUILanguage
GetUserDefaultLCID
SetEvent
GetCurrentThread
FindFirstFileExW
LoadLibraryA
TlsAlloc
GetSystemDEPPolicy
GlobalFree
GetConsoleTitleA
CreateThreadpoolCleanupGroup
FreeConsole
GetDefaultCommConfigA
HeapAlloc
SwitchToThread
IsThreadAFiber
GetCurrentProcessorNumber
WriteConsoleW
GetErrorMode
UnregisterApplicationRestart
SetFileApisToOEM
WTSGetActiveConsoleSessionId
ExitProcess
FindNextVolumeA
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
GetConsoleWindow
GetVolumePathNamesForVolumeNameW
ConvertFiberToThread
GetFileType
SetFileApisToANSI
GlobalMemoryStatus
FindNextVolumeW
lstrcmpiW
GetDateFormatW
GetEnvironmentStringsW
ReadConsoleOutputA
GetConsoleAliasExesLengthA
GetVolumeInformationByHandleW
GetDriveTypeW
LoadLibraryExW
IsDebuggerPresent
CreateTimerQueue
SizeofResource
LockResource
LoadResource
FindResourceW
DecodePointer
SetFilePointerEx
ReadConsoleW
SetEndOfFile
FlushFileBuffers
HeapReAlloc
HeapSize
LCMapStringW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetModuleHandleExW
WideCharToMultiByte
MultiByteToWideChar
GetOEMCP
GetLogicalDrives
GetConsoleAliasExesLengthW
InitializeSRWLock
AreFileApisANSI
GlobalUnlock
GetTickCount
MapViewOfFile
CreateFileMappingW
lstrcpyW
GlobalLock
CreateThread
GetActiveProcessorGroupCount
CloseHandle
lstrcpyA
GlobalAlloc
lstrcatW
GetLastError
SetFileAttributesW
ExitThread
UnmapViewOfFile
CreateFileW
WaitForSingleObject
FindClose
SetFilePointer
SetErrorMode
VirtualAlloc
WriteFile
FindNextFileW
GetStdHandle
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
VirtualFree
FindFirstFileW
Process32FirstW
ReadFile
EnterCriticalSection
SetLastError
RtlUnwind
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

user32

wsprintfW
GetCursorPos
InvalidateRect
CharUpperW
DefWindowProcW
ScrollDC
GetFocus
CloseClipboard
GetForegroundWindow
LoadMenuIndirectW
CharUpperBuffW
GetDesktopWindow

gdi32

CreateCompatibleDC
CreateICW
Chord
GetNearestPaletteIndex
GetPixel
SetBkColor
PtVisible

advapi32

RegisterServiceCtrlHandlerW
GetTokenInformation
LookupAccountSidW
RegDisablePredefinedCacheEx
RevertToSelf
CryptAcquireContextW
SetServiceStatus
CryptEncrypt
OpenProcessToken
CreateProcessAsUserW
StartServiceCtrlDispatcherW
DuplicateTokenEx

shell32

SHGetSpecialFolderPathW

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

shlwapi

StrStrW
PathFindFileNameW

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx
CryptImportPublicKeyInfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQuerySessionInformationW
WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

rstrtmgr

RmGetList
RmShutdown
RmStartSession
RmEndSession
RmRestart
RmRegisterResources

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 561KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

d8b6baf12a07141de229c7d33c80f943

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

mpr

shlwapi

crypt32

userenv

wtsapi32

rstrtmgr

Sections

.text Size: 534KB - Virtual size: 534KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 3KB - Virtual size: 12KB

.gfids Size: 512B - Virtual size: 172B

.rsrc Size: 111KB - Virtual size: 111KB

.reloc Size: 61KB - Virtual size: 61KB

Password: infected

dbb863249b9b19b41bddfe6e27b3cdcf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

mpr

shlwapi

crypt32

userenv

wtsapi32

rstrtmgr

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 2KB - Virtual size: 12KB

.gfids Size: 512B - Virtual size: 172B

.rsrc Size: 46KB - Virtual size: 46KB

.reloc Size: 479KB - Virtual size: 478KB

Password: infected

b1ee5d11ebf0f5a83cd3df3f1fb65ee0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

mpr

shlwapi

crypt32

userenv

wtsapi32

rstrtmgr

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 12KB

.gfids Size: 512B - Virtual size: 172B

.rsrc Size: 58KB - Virtual size: 57KB

.reloc Size: 561KB - Virtual size: 560KB

.text
Size: 534KB - Virtual size: 534KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 3KB - Virtual size: 12KB

.gfids
Size: 512B - Virtual size: 172B

.rsrc
Size: 111KB - Virtual size: 111KB

.reloc
Size: 61KB - Virtual size: 61KB

.text
Size: 4.5MB - Virtual size: 4.5MB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 2KB - Virtual size: 12KB

.gfids
Size: 512B - Virtual size: 172B

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 479KB - Virtual size: 478KB

.text
Size: 5.3MB - Virtual size: 5.3MB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 12KB

.gfids
Size: 512B - Virtual size: 172B

.rsrc
Size: 58KB - Virtual size: 57KB

.reloc
Size: 561KB - Virtual size: 560KB