c7632a1bbe82c3d2ae9146a0289bc2080d03878dd89fd1d9e9503a9e57af43c4

Sharing

Copy URL

Twitter E-mail

General

Target

c7632a1bbe82c3d2ae9146a0289bc2080d03878dd89fd1d9e9503a9e57af43c4
Size

5.1MB
MD5

7bfab958a3e53316b755d29ed1231cd7
SHA1

950c63dc75ac79c94188cbb6c35388ba8be690b5
SHA256

c7632a1bbe82c3d2ae9146a0289bc2080d03878dd89fd1d9e9503a9e57af43c4
SHA512

3aa6afeaa75f501472f045a44132620014d4f77b5185f510574725f0657a7a6a22d5577f4be992604fab9e6c2632a17a7146444324b777ed76e9d4cb4d144dff
SSDEEP

98304:2SG9hXzOe+Gf8yn1iTCK3aHaQ9TlOMWiLcVtAHDVBGr8hiNuQjuoFhIkZOo2:2PzFrLn1ifW7WiL9Hqr8hiNTjuoPISON

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

static1/unpack001/1792EL4.4?/ElementsEditor.exe vmprotect
static1/unpack001/1792EL4.4?/ElementsEngine.dll vmprotect

resource	yara_rule
static1/unpack001/1792EL4.4?/ElementsEditor.exe	vmprotect
static1/unpack001/1792EL4.4?/ElementsEngine.dll	vmprotect

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/1792EL4.4?/ElementsEditor.exe
unpack001/1792EL4.4?/ElementsEngine.dll
unpack001/1792EL4.4?/ElementsInterface.dll
unpack001/1792EL4.4?/Update.exe
unpack001/1792EL4.4?/zlibwapi.dll

Files

c7632a1bbe82c3d2ae9146a0289bc2080d03878dd89fd1d9e9503a9e57af43c4
.zip
1792EL4.4?/????.txt
1792EL4.4?/Data/??1330.data
.gz
??1330.data
1792EL4.4?/Data/??1330.datan
.gz
??1330.datan
1792EL4.4?/Data/??1330.dbpb
.gz
??1330.dbpb
1792EL4.4?/Data/??1601.data
.gz
??1601.data
1792EL4.4?/Data/??1601.datan
.gz
??1601.datan
1792EL4.4?/Data/??1601.dbpb
.gz
??1601.dbpb
1792EL4.4?/Data/??1715.custom
1792EL4.4?/Data/??1715.data
.gz
??1715.data
1792EL4.4?/Data/??1715.datan
.gz
??1715.datan
1792EL4.4?/Data/??1715.dbpb
.gz
1792EL4.4?/Data/??1792.data
.gz
1792EL4.4?/Data/??1792.datan
.gz
1792EL4.4?/Data/??1792.dbpb
.gz
1792EL4.4?/Data/??1792vipaward.data
.gz
1792EL4.4?/Data/??1792vipaward.datan
.gz
1792EL4.4?/ElementsEditor.exe
.exe windows:5 windows x86 arch:x86

2df5ae94022781dbc01ee7bd312dbbe3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ole32

OleInitialize

oleaut32

SysAllocString

user32

CharUpperBuffW

Sections

.text
Size: - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 908KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1792EL4.4?/ElementsEngine.dll
.dll windows:6 windows x86 arch:x86

8529a09d4da4546aea9ec3783863db63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExW
InitializeCriticalSectionEx
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

ole32

CoCreateInstance

oleaut32

VariantClear

msvcp140

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z

vcruntime140

__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_crt_atexit

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-string-l1-1-0

tolower

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-utility-l1-1-0

srand

Exports

Exports

??0ConfigurationFunctions@@QAE@XZ
??0ExportFunctions@@QAE@XZ
??0MyByteArray@@QAE@H@Z
??0MyByteArray@@QAE@PAEH@Z
??0MyByteArray@@QAE@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1ConfigurationFunctions@@QAE@XZ
??1ExportFunctions@@QAE@XZ
??1MyByteArray@@QAE@XZ
??4ConfigurationFunctions@@QAEAAV0@ABV0@@Z
??4ExportFunctions@@QAEAAV0@ABV0@@Z
??4MyByteArray@@QAEAAV0@ABV0@@Z
??_FMyByteArray@@QAEXXZ
?AddItem@ExportFunctions@@SAXHH@Z
?CheckRegInfo@ExportFunctions@@SA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?ClearItemsChecked@ExportFunctions@@SAXH@Z
?CopyAndFill@MyByteArray@@QAEXAAV1@HH@Z
?CopyAndSkip@MyByteArray@@QAEXAAV1@HH@Z
?DeleteItem@ExportFunctions@@SAXHH@Z
?DeleteItems@ExportFunctions@@SAXH@Z
?DoTransform@ExportFunctions@@SA_N_N@Z
?FixPB@ExportFunctions@@SAXHAAVMyByteArray@@@Z
?FixPB@ExportFunctions@@SAXH_N@Z
?GetBuffer@MyByteArray@@QAEPAEH@Z
?GetBuffer@MyByteArray@@QAEPAEXZ
?GetCheckedItemCount@ExportFunctions@@SAHH@Z
?GetColumn@ExportFunctions@@SAXHAAH0000@Z
?GetColumnCount@ExportFunctions@@SAHH@Z
?GetColumnDb@ExportFunctions@@SA_NH@Z
?GetColumnObj@ExportFunctions@@SAHHH@Z
?GetCurIndex@ExportFunctions@@SAHHH@Z
?GetDBItemObj@ExportFunctions@@SAHHH@Z
?GetFileMd5@ExportFunctions@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V23@@Z
?GetItemChecked@ExportFunctions@@SA_NH@Z
?GetItemCount@ExportFunctions@@SAHH@Z
?GetItemDetail@ExportFunctions@@SAPAVMyByteArray@@H@Z
?GetItemId@ExportFunctions@@SAHH@Z
?GetItemLength@ConfigurationFunctions@@SAHH@Z
?GetItemName@ExportFunctions@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
?GetItemObj@ExportFunctions@@SAHHH@Z
?GetLength@MyByteArray@@QAEHH@Z
?GetLength@MyByteArray@@QAEHXZ
?GetMachineCode@ExportFunctions@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetMarkName@ExportFunctions@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?GetMaxMark@ConfigurationFunctions@@SAHXZ
?GetParamCount@ExportFunctions@@SAHXZ
?GetParamMark@ExportFunctions@@SAHH@Z
?GetParamObj@ExportFunctions@@SAHH@Z
?GetParamSpace@ConfigurationFunctions@@SAHH@Z
?GetParamSpaceConfigData@ConfigurationFunctions@@SAPAVMyByteArray@@H@Z
?GetParamSpaceData@ConfigurationFunctions@@SAPAVMyByteArray@@H@Z
?GetParamType@ExportFunctions@@SAHH@Z
?GetSpecName@ExportFunctions@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?GetVersionMark@ExportFunctions@@SAHXZ
?GetVersionObj@ConfigurationFunctions@@SAHXZ
?Get_DB_PB@ConfigurationFunctions@@SAXHAAVMyByteArray@@@Z
?Initialize@MyByteArray@@QAEXH@Z
?Initialize@MyByteArray@@QAEXXZ
?ItemBeDeleted@ExportFunctions@@SA_NH@Z
?ReadByte@MyByteArray@@QAEEH@Z
?ReadByte@MyByteArray@@QAEEXZ
?ReadBytes@MyByteArray@@QAEHPAEH@Z
?ReadBytes@MyByteArray@@QAEHPAEHH@Z
?ReadCfgFile@ExportFunctions@@SAXPAVMyByteArray@@H@Z
?ReadDouble@MyByteArray@@QAENH@Z
?ReadDouble@MyByteArray@@QAENXZ
?ReadEncodeString@MyByteArray@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HH@Z
?ReadEncodeString@MyByteArray@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HHH@Z
?ReadFile@ExportFunctions@@SA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?ReadFloat@MyByteArray@@QAEMH@Z
?ReadFloat@MyByteArray@@QAEMXZ
?ReadInt16@MyByteArray@@QAEFH@Z
?ReadInt16@MyByteArray@@QAEFXZ
?ReadInt32@MyByteArray@@QAEHH@Z
?ReadInt32@MyByteArray@@QAEHXZ
?ReadInt64@MyByteArray@@QAE_JH@Z
?ReadInt64@MyByteArray@@QAE_JXZ
?ReadString@MyByteArray@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H_N@Z
?ReadString@MyByteArray@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H_NH@Z
?ReadUInt16@MyByteArray@@QAEGH@Z
?ReadUInt16@MyByteArray@@QAEGXZ
?ReadUInt32@MyByteArray@@QAEIH@Z
?ReadUInt32@MyByteArray@@QAEIXZ
?ReadUInt64@MyByteArray@@QAE_KH@Z
?ReadUInt64@MyByteArray@@QAE_KXZ
?ReadWstring@MyByteArray@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H_N@Z
?ReadWstring@MyByteArray@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H_NH@Z
?RefreshItem@ExportFunctions@@SAXHH@Z
?RefreshItems@ExportFunctions@@SAXH@Z
?RefreshItems@ExportFunctions@@SAXHHH@Z
?Resize@MyByteArray@@QAEXH_N@Z
?ResizeDiff@MyByteArray@@QAEXH_N@Z
?SaveFile@ExportFunctions@@SA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?SaveToFile@MyByteArray@@QAE_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Seek@MyByteArray@@QAEXH@Z
?Seek@MyByteArray@@QAEXHW4_Seekdir@?$_Iosb@H@std@@@Z
?SetCurParamIndex@ExportFunctions@@SAXH@Z
?SetItemChecked@ExportFunctions@@SAXH_N@Z
?SetItemDetail@ExportFunctions@@SAXHHAAVMyByteArray@@@Z
?Set_DB_PB@ConfigurationFunctions@@SAXHAAVMyByteArray@@@Z
?Tell@MyByteArray@@QAEHXZ
?TransformXiaoAo@ConfigurationFunctions@@SA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0_N@Z
?Turn@ConfigurationFunctions@@SAXH@Z
?WriteByte@MyByteArray@@QAEXE@Z
?WriteByte@MyByteArray@@QAEXEH@Z
?WriteBytes@MyByteArray@@QAEHPAEH@Z
?WriteBytes@MyByteArray@@QAEHPAEHH@Z
?WriteDouble@MyByteArray@@QAEXN@Z
?WriteDouble@MyByteArray@@QAEXNH@Z
?WriteFloat@MyByteArray@@QAEXM@Z
?WriteFloat@MyByteArray@@QAEXMH@Z
?WriteInt16@MyByteArray@@QAEXF@Z
?WriteInt16@MyByteArray@@QAEXFH@Z
?WriteInt32@MyByteArray@@QAEXH@Z
?WriteInt32@MyByteArray@@QAEXHH@Z
?WriteInt64@MyByteArray@@QAEX_J@Z
?WriteInt64@MyByteArray@@QAEX_JH@Z
?WriteString@MyByteArray@@QAEHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H_N@Z
?WriteString@MyByteArray@@QAEHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H_NH@Z
?WriteUInt16@MyByteArray@@QAEXG@Z
?WriteUInt16@MyByteArray@@QAEXGH@Z
?WriteUInt32@MyByteArray@@QAEXI@Z
?WriteUInt32@MyByteArray@@QAEXIH@Z
?WriteUInt64@MyByteArray@@QAEX_K@Z
?WriteUInt64@MyByteArray@@QAEX_KH@Z
?WriteWstring@MyByteArray@@QAEHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H_N@Z
?WriteWstring@MyByteArray@@QAEHV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H_NH@Z
?WriteZeroBytes@MyByteArray@@QAEHH@Z
?WriteZeroBytes@MyByteArray@@QAEHHH@Z
?char2string@MyByteArray@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAD@Z
?char2wstring@MyByteArray@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAD@Z
?checkLen@MyByteArray@@AAEXH@Z
?const_capacity@MyByteArray@@0HB
?decode@ConfigurationFunctions@@CAPAEPAEAAH_N@Z
?maxLen@MyByteArray@@0HB
?readConversation@ConfigurationFunctions@@CA_NAAVMyByteArray@@@Z
?readItem@ConfigurationFunctions@@CA_NAAVMyByteArray@@AAV?$basic_ofstream@DU?$char_traits@D@std@@@std@@AAHHH_N3@Z
?readParam@ConfigurationFunctions@@CA_NAAVMyByteArray@@AAV?$basic_ofstream@DU?$char_traits@D@std@@@std@@_N@Z
?transformXiaoAo@ConfigurationFunctions@@CAXAAVMyByteArray@@AAV?$basic_ofstream@DU?$char_traits@D@std@@@std@@_N@Z
?wchar2string@MyByteArray@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PA_W@Z
?wchar2wstring@MyByteArray@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PA_W@Z

Sections

.text
Size: - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1792EL4.4?/ElementsInterface.dll
.dll windows:6 windows x86 arch:x86

d9d2ea3edddc00ce7138a450cbc98f78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\Bmifeng\M模板\ElementEditor\Release\ElementsInterface.pdb

Imports

kernel32

TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
Sleep
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter

vcruntime140

__current_exception
_except_handler4_common
__FrameUnwindFilter
__std_type_info_destroy_list
__current_exception_context
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_invalid_parameter_noinfo_noreturn
abort
terminate

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

elementsengine

?GetVersionMark@ExportFunctions@@SAHXZ
?GetItemChecked@ExportFunctions@@SA_NH@Z
?GetItemId@ExportFunctions@@SAHH@Z
?GetItemObj@ExportFunctions@@SAHHH@Z
?GetColumnDb@ExportFunctions@@SA_NH@Z
?GetColumn@ExportFunctions@@SAXHAAH0000@Z
?GetColumnObj@ExportFunctions@@SAHHH@Z
?GetColumnCount@ExportFunctions@@SAHH@Z
?GetItemCount@ExportFunctions@@SAHH@Z
?GetParamMark@ExportFunctions@@SAHH@Z
?GetParamType@ExportFunctions@@SAHH@Z
?GetParamObj@ExportFunctions@@SAHH@Z
?GetParamCount@ExportFunctions@@SAHXZ
?SetCurParamIndex@ExportFunctions@@SAXH@Z
?DoTransform@ExportFunctions@@SA_N_N@Z
?GetFileMd5@ExportFunctions@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V23@@Z
?SaveFile@ExportFunctions@@SA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?ReadFile@ExportFunctions@@SA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?CheckRegInfo@ExportFunctions@@SA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?GetSpecName@ExportFunctions@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?GetMarkName@ExportFunctions@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?GetItemName@ExportFunctions@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
?GetMachineCode@ExportFunctions@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?FixPB@ExportFunctions@@SAXHAAVMyByteArray@@@Z
?FixPB@ExportFunctions@@SAXH_N@Z
?ItemBeDeleted@ExportFunctions@@SA_NH@Z
?RefreshItems@ExportFunctions@@SAXH@Z
?RefreshItems@ExportFunctions@@SAXHHH@Z
?RefreshItem@ExportFunctions@@SAXHH@Z
?GetDBItemObj@ExportFunctions@@SAHHH@Z
??1MyByteArray@@QAE@XZ
?SetItemDetail@ExportFunctions@@SAXHHAAVMyByteArray@@@Z
?GetItemDetail@ExportFunctions@@SAPAVMyByteArray@@H@Z
?GetCurIndex@ExportFunctions@@SAHHH@Z
?DeleteItems@ExportFunctions@@SAXH@Z
?DeleteItem@ExportFunctions@@SAXHH@Z
?AddItem@ExportFunctions@@SAXHH@Z
?GetCheckedItemCount@ExportFunctions@@SAHH@Z
?ClearItemsChecked@ExportFunctions@@SAXH@Z
??4ExportFunctions@@QAEAAV0@ABV0@@Z
??4MyByteArray@@QAEAAV0@ABV0@@Z
??_FMyByteArray@@QAEXXZ
?ReadCfgFile@ExportFunctions@@SAXPAVMyByteArray@@H@Z
??0MyByteArray@@QAE@H@Z
?GetBuffer@MyByteArray@@QAEPAEH@Z
?GetLength@MyByteArray@@QAEHH@Z
?Initialize@MyByteArray@@QAEXH@Z
?SetItemChecked@ExportFunctions@@SAXH_N@Z

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z

mscoree

_CorDllMain

Exports

Exports

??4ExportFunctions@@QAEAAV0@ABV0@@Z
??4MyByteArray@@QAEAAV0@ABV0@@Z
??_FMyByteArray@@QAEXXZ

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1792EL4.4?/Update.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Update.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1792EL4.4?/customversion.data
1792EL4.4?/sign.dll
1792EL4.4?/zlibwapi.dll
.dll windows:4 windows x86 arch:x86

24fe21732b2ce036a30379584f658b90

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crtdll

fwrite
fread
_errno
fclose
free
_vsnprintf
fflush
fseek
fputc
malloc
clearerr
ftell
fprintf
_fdopen
fopen
sprintf
rand
srand
time
_initterm

kernel32

CloseHandle
CreateFileA
GetLastError
ReadFile
WriteFile
SetFilePointer
GlobalFree
GlobalAlloc
GetVersion

Exports

Exports

adler32
compress
compress2
compressBound
crc32
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
fill_win32_filefunc
get_crc_table
gzclearerr
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGetFilePos
unzGetGlobalComment
unzGetGlobalInfo
unzGetLocalExtrafield
unzGoToFilePos
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen
unzOpen2
unzOpenCurrentFile
unzOpenCurrentFile2
unzOpenCurrentFile3
unzOpenCurrentFilePassword
unzReadCurrentFile
unzStringFileNameCompare
unzeof
unztell
zError
zipClose
zipCloseFileInZip
zipCloseFileInZipRaw
zipOpen
zipOpen2
zipOpenNewFileInZip
zipOpenNewFileInZip2
zipOpenNewFileInZip3
zipWriteInFileInZip
zlibCompileFlags
zlibVersion

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2df5ae94022781dbc01ee7bd312dbbe3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

user32

Sections

.text Size: - Virtual size: 101KB

.rdata Size: - Virtual size: 27KB

.data Size: - Virtual size: 12KB

.vmp0 Size: - Virtual size: 908KB

.vmp1 Size: 1.0MB - Virtual size: 1.0MB

.rsrc Size: 11KB - Virtual size: 10KB

8529a09d4da4546aea9ec3783863db63

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 86KB

.rdata Size: - Virtual size: 23KB

.data Size: - Virtual size: 3KB

.vmp0 Size: - Virtual size: 2.6MB

.vmp1 Size: 3.0MB - Virtual size: 3.0MB

.reloc Size: 512B - Virtual size: 176B

.rsrc Size: 512B - Virtual size: 469B

d9d2ea3edddc00ce7138a450cbc98f78

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

elementsengine

msvcp140

mscoree

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 88KB - Virtual size: 87KB

.sdata Size: 512B - Virtual size: 177B

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 101KB

.rdata
Size: - Virtual size: 27KB

.data
Size: - Virtual size: 12KB

.vmp0
Size: - Virtual size: 908KB

.vmp1
Size: 1.0MB - Virtual size: 1.0MB

.rsrc
Size: 11KB - Virtual size: 10KB

.text
Size: - Virtual size: 86KB

.rdata
Size: - Virtual size: 23KB

.data
Size: - Virtual size: 3KB

.vmp0
Size: - Virtual size: 2.6MB

.vmp1
Size: 3.0MB - Virtual size: 3.0MB

.reloc
Size: 512B - Virtual size: 176B

.rsrc
Size: 512B - Virtual size: 469B

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 88KB - Virtual size: 87KB

.sdata
Size: 512B - Virtual size: 177B

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 92B

.rsrc
Size: 1024B - Virtual size: 872B

.reloc
Size: 1024B - Virtual size: 960B