qakbot | 5701246587142144[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

5701246587142144.zip
Size

7.2MB
MD5

e1ec71ecb5d99295a40281144b04aa5f
SHA1

40a2ec5306e14d65f38b4653a01583a8f4a8297d
SHA256

863c95381f044af0f3c8a012cb8de00f0ef51e078602a880e1945e76fc869c4a
SHA512

9208287681d1d26ea974e19f17a016d9474224127d20692ccf97570a6be79e932f14f91f17f9b573caa4a9cc8f2828da4c9a9198a741eec4398fcb1345cc1298

Score

10^/10

abc108m 1607356318 abc119 1611224824 qakbot

Malware Config

Extracted

Family

qakbot

Version

401.62

Botnet

abc108m

Campaign

1607356318

92.59.35.196:2083

2.89.122.180:995

78.181.19.134:443

5.193.175.76:2078

24.139.72.117:443

62.38.114.12:2222

2.51.240.250:995

174.62.13.151:443

189.210.115.207:443

71.197.126.250:443

187.7.236.197:995

187.149.126.53:443

96.247.180.108:443

174.55.197.4:443

187.190.250.175:443

24.206.4.203:2222

72.36.11.22:443

197.135.240.243:443

216.137.142.200:2222

160.3.184.253:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Extracted

Family

qakbot

Version

401.138

Botnet

abc119

Campaign

1611224824

106.51.52.111:443

83.110.12.140:2222

89.3.198.238:443

86.220.60.133:2222

45.77.115.208:8443

45.77.115.208:995

71.117.132.169:443

82.76.47.211:443

125.63.101.62:443

86.98.93.124:2078

178.152.70.12:995

78.97.207.104:443

77.27.174.49:995

173.70.165.101:995

64.121.114.87:443

188.24.128.253:443

89.137.211.239:995

80.227.5.70:443

81.97.154.100:443

98.121.187.78:443

Attributes

salt
jHxastDcds)oMc=jvh7wdUhxcsdt2

Signatures

Qakbot family
qakbot

Files

5701246587142144.zip
.zip

Password: infected
021865faa3b24771036f065fc7bd26230e5294e471ab21334e85010b1e9196bf
.dll regsvr32 windows x86

b57a9ed9a0d4e3ddadf6376595cf1312

Code Sign

e9:53:ad:a7:e8:f1:43:8e:5f:76:80:ff:59:9a:e4:3e
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-03-2021 00:00

Not After

03-03-2022 23:59

Subject

CN=KULBYT LLC,O=KULBYT LLC,POSTALCODE=196084,STREET=Novoroshchinskaya street\, 4\, office. 1032-1,L=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bc:e9:aa:9e:a7:fc:ff:f4:6a:be:d0:62:0a:83:54:d4:09:3f:95:c6
Signer

Actual PE Digest

bc:e9:aa:9e:a7:fc:ff:f4:6a:be:d0:62:0a:83:54:d4:09:3f:95:c6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=KULBYT LLC,O=KULBYT LLC,POSTALCODE=196084,STREET=Novoroshchinskaya street\, 4\, office. 1032-1,L=Saint Petersburg,C=RU

12-03-2022 14:42
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetTimeZoneInformation
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetACP
HeapSize
HeapReAlloc
GetProfileStringA
RaiseException
HeapAlloc
HeapFree
TerminateProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
RtlUnwind
FormatMessageA
GetFileTime
GetFileSize
GetFileAttributesA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
SetErrorMode
GetOEMCP
GetCPInfo
GetThreadLocale
SizeofResource
GetProcessVersion
GetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
WritePrivateProfileStringA
GlobalFlags
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
MulDiv
SetLastError
InterlockedDecrement
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
lstrlenA
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
LCMapStringA
lstrlenW

user32

InvalidateRect
CharUpperA
RegisterClipboardFormatA
PostThreadMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
SetForegroundWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
CharNextA
GetWindowRect
CopyRect
GetDC
ReleaseDC
MapDialogRect
SetWindowPos
SetWindowContextHelpId
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
SetRect
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
LoadIconA
SendMessageA
DrawIcon
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
wsprintfA
GetDlgItemTextW
GetWindow
DestroyMenu
InflateRect
MessageBeep
GetForegroundWindow
GetNextDlgGroupItem
GetWindowLongA
SetDlgItemTextW
SetParent
ShowWindow
SetWindowRgn
EnableWindow
SetWindowLongA
MessageBoxW
IsIconic
GetSystemMetrics
DefDlgProcA
IsWindowUnicode
GetClientRect
LoadStringA
GetSysColorBrush
PtInRect
GetClassNameA
GetDesktopWindow
LoadCursorA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
GetDlgItemTextA
ModifyMenuA
CopyAcceleratorTableA
GetWindowPlacement

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
SetViewportOrgEx
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
PatBlt
CreateBitmap
CreatePolygonRgn
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateRectRgn

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize

oleaut32

SysAllocStringLen
SysFreeString
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocStringByteLen
SysStringLen
SysAllocString

Exports

Exports

DllRegisterServer

Sections

.text
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

DATA
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
26de26ea18887ba25628c2d3e8834c00ce76b8c84d8be770f31b79c83b681cff
.dll windows x86

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
305e8e14bc1552266f47de8bde90c3aaf7f22432424a2be97414a79a7dc77df8
.dll windows x86

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
47ea7ae3c9a8f8bb1b5525fb962f092d08a981d4cfdb41ce0d1d81ebfa35cc94
.dll windows x86

Code Sign

c3:18:d8:76:76:82:58:a6:96:ab:9d:d8:25:e2:7a:cd
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08-03-2021 00:00

Not After

08-03-2022 23:59

Subject

CN=OOO Genezis,O=OOO Genezis,POSTALCODE=450077,STREET=Kommunisticheskaya street\, 116\, office 16,L=Ufa,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:53:be:3c:b9:88:6c:2d:53:97:4a:71:90:a0:60:bb:6f:bf:40:4b
Signer

Actual PE Digest

13:53:be:3c:b9:88:6c:2d:53:97:4a:71:90:a0:60:bb:6f:bf:40:4b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=OOO Genezis,O=OOO Genezis,POSTALCODE=450077,STREET=Kommunisticheskaya street\, 116\, office 16,L=Ufa,C=RU

12-03-2022 14:42
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 838KB - Virtual size: 838KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
51ab9788b91c7fa71567e1d3abb19f6d2542f2a75f0f11a5b2e4c1fd05387d77
.dll windows x86

6527345f9aee9363b094aad01304de88

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualProtect
GetCurrentThread

user32

CheckDlgButton
GetCursorInfo
CheckMenuRadioItem
GetCaretBlinkTime
CheckRadioButton
GetCapture
CheckMenuItem

ole32

CoCreateGuid
CoGetCurrentLogicalThreadId
CoFileTimeNow
OleUninitialize
CoGetContextToken
CoFreeUnusedLibraries
CoGetCurrentProcess
OleInitialize

advapi32

LsaOpenTrustedDomain

Sections

.text
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 64.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
587547a79fd6f8c7fb625a43b3d7f6dd24505ab86d404dd5b54d62038d9479fd
.dll regsvr32 windows x86

8214efb19d4c085a17e4d24c69d9ffd5

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_ntoa

psapi

GetModuleFileNameExW

msvcrt

_time64
strtod
_HUGE
localeconv
strchr
strncpy
malloc
free
qsort
memcpy
memmove
memset
atol
_vsnwprintf
_snprintf
_vsnprintf
_strtoi64
memchr
_errno

kernel32

lstrcmpA
lstrcpynA
GetCurrentProcess
GetCurrentThread
GetExitCodeThread
CreateMutexA
DuplicateHandle
GetLastError
lstrcatA
CreateDirectoryW
lstrlenA
DisconnectNamedPipe
lstrcpynW
GetProcessId
CopyFileW
lstrcatW
DeleteFileW
lstrcpyW
lstrcmpiW
CloseHandle
GetCurrentProcessId
GetDriveTypeW
GetModuleHandleA
lstrlenW
MoveFileW
GetProcAddress
SwitchToThread
InterlockedIncrement
SetThreadPriority
HeapAlloc
HeapFree
HeapCreate
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
GetSystemTimeAsFileTime
SetLastError
lstrcmpiA
LoadLibraryA
GetExitCodeProcess
CreatePipe
GetWindowsDirectoryW
FindFirstFileW
FindNextFileW
SetFileAttributesW
FlushFileBuffers
LocalAlloc
LoadLibraryW
GetTickCount
GetModuleFileNameW
GetSystemInfo
GetVersionExA

user32

CreateWindowExA
CharUpperBuffW
CharUpperBuffA
GetSystemMetrics
RegisterClassExA
DestroyWindow
DefWindowProcA
UnregisterClassA

advapi32

GetSidSubAuthority
OpenProcessToken
RegSetValueExW
RegQueryValueExW
IsTextUnicode
RegDeleteValueA
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
RegUnLoadKeyW
RegLoadKeyW
ConvertSidToStringSidW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
LookupAccountNameW
LookupAccountSidW
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket

oleaut32

SafeArrayGetUBound
SysAllocString
SysFreeString
SafeArrayGetElement
SafeArrayDestroy
VariantClear
SafeArrayGetLBound

userenv

GetUserProfileDirectoryW

Exports

Exports

DllRegisterServer

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
58878537dcf0d621aeffb66a32a40c52fa8588c832d631b988e59673bede9914
.dll windows x86

b6a19f1001dd6b1b07bd285855d8f1af

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteAtom
SetFilePointerEx
HeapCreate
ReleaseMutex
CreateMutexW
WaitForMultipleObjects
GetCurrentThreadId
CreateTimerQueue
GetSystemInfo
AddAtomW
CreateFileW

user32

GetDlgItem
SetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
SendDlgItemMessageA
DefDlgProcA
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EnumClipboardFormats
EmptyClipboard
CharUpperA
CharLowerBuffA
SetFocus
GetActiveWindow
SetTimer
KillTimer
EnableWindow
LoadAcceleratorsA
DestroyAcceleratorTable
DialogBoxParamA
GetSystemMetrics
GetMenu
GetSystemMenu
CreatePopupMenu
DestroyMenu
CheckMenuItem
EnableMenuItem
GetSubMenu
AppendMenuA
RemoveMenu
TrackPopupMenu
InsertMenuItemA
SetMenuItemInfoA
SetActiveWindow
InvalidateRect
RedrawWindow
SetWindowTextA
GetWindowTextA
GetClientRect
GetWindowRect
MessageBoxA
SetCursor
GetCursorPos
ClientToScreen
ChildWindowFromPoint
GetSysColor
GetSysColorBrush
GetWindowLongA
SetWindowLongA
FindWindowA
CheckMenuRadioItem
LoadCursorA
DestroyCursor
LoadIconA
DestroyIcon
IsDialogMessageA
CreateDialogParamA
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
DestroyWindow
IsMenu
IsWindow
GetClassInfoA
UnregisterClassA
RegisterClassA
CallWindowProcA
PostQuitMessage
PostMessageA
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
wsprintfA
wvsprintfA
EndDialog
TranslateAcceleratorA

gdi32

SelectObject
SetBkMode
SetTextColor
GetObjectA
DeleteObject
GetStockObject
CreateFontIndirectA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegSetValueA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
GetUserNameA
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

userenv

GetUserProfileDirectoryW
GetProfilesDirectoryW

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6909c2801f5d2d0a61baa68622a31aaecaaa1bdce1911e809e9246ed616cbe37
.dll windows x86

ef258cd2a69e4871222e8a6651dd9af8

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualProtect
GetCurrentThread
lstrcmpA

user32

SetWindowPos
ShowCursor
ShowWindow

ole32

CoCreateGuid
OleUninitialize
CoFreeUnusedLibraries
CoGetCurrentProcess
CoGetCurrentLogicalThreadId
CoFileTimeNow
CoGetContextToken
OleInitialize

gdi32

GdiGetBitmapBitsSize

advapi32

SystemFunction003

imagehlp

FindFileInPath

msimg32

AlphaBlend

version

GetFileVersionInfoSizeA

winmm

auxGetVolume

winspool.drv

AddPortW

comctl32

GetEffectiveClientRect

oledlg

OleUIPromptUserW

comdlg32

GetFileTitleA

gdiplus

GdipImageSelectActiveFrame

shell32

SHFileOperationA

shlwapi

SHRegSetUSValueA

oleaut32

SysAllocString

Exports

Exports

GetClass
SetClass

Sections

.text
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdatat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 20KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
69ac3f3a76d2fdee0f031545587254ab8abc9f48d7d0b1cb54b6caea3d35bb85
.dll windows x86

Code Sign

c3:18:d8:76:76:82:58:a6:96:ab:9d:d8:25:e2:7a:cd
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08-03-2021 00:00

Not After

08-03-2022 23:59

Subject

CN=OOO Genezis,O=OOO Genezis,POSTALCODE=450077,STREET=Kommunisticheskaya street\, 116\, office 16,L=Ufa,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a6:da:6f:c8:ff:16:06:97:1f:a5:4b:27:71:3e:98:62:1d:02:88:ad
Signer

Actual PE Digest

a6:da:6f:c8:ff:16:06:97:1f:a5:4b:27:71:3e:98:62:1d:02:88:ad

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=OOO Genezis,O=OOO Genezis,POSTALCODE=450077,STREET=Kommunisticheskaya street\, 116\, office 16,L=Ufa,C=RU

12-03-2022 14:42
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 838KB - Virtual size: 838KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
6ce8fbedc5fd65785ce950cd2c6e670f89c6f3e9cdd41d6abcf86b61eee911f2
.dll regsvr32 windows x86

b57a9ed9a0d4e3ddadf6376595cf1312

Code Sign

e9:53:ad:a7:e8:f1:43:8e:5f:76:80:ff:59:9a:e4:3e
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-03-2021 00:00

Not After

03-03-2022 23:59

Subject

CN=KULBYT LLC,O=KULBYT LLC,POSTALCODE=196084,STREET=Novoroshchinskaya street\, 4\, office. 1032-1,L=Saint Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:cf:c8:62:26:b2:9d:5a:d0:3e:70:15:60:55:6d:0d:00:72:10:1b
Signer

Actual PE Digest

09:cf:c8:62:26:b2:9d:5a:d0:3e:70:15:60:55:6d:0d:00:72:10:1b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=KULBYT LLC,O=KULBYT LLC,POSTALCODE=196084,STREET=Novoroshchinskaya street\, 4\, office. 1032-1,L=Saint Petersburg,C=RU

12-03-2022 14:42
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetTimeZoneInformation
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetACP
HeapSize
HeapReAlloc
GetProfileStringA
RaiseException
HeapAlloc
HeapFree
TerminateProcess
ExitProcess
GetCommandLineA
GetStartupInfoA
RtlUnwind
FormatMessageA
GetFileTime
GetFileSize
GetFileAttributesA
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
SetErrorMode
GetOEMCP
GetCPInfo
GetThreadLocale
SizeofResource
GetProcessVersion
GetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
WritePrivateProfileStringA
GlobalFlags
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
MulDiv
SetLastError
InterlockedDecrement
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
lstrlenA
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
CloseHandle
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
LCMapStringA
lstrlenW

user32

InvalidateRect
CharUpperA
RegisterClipboardFormatA
PostThreadMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
SetForegroundWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
CharNextA
GetWindowRect
CopyRect
GetDC
ReleaseDC
MapDialogRect
SetWindowPos
SetWindowContextHelpId
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
SetRect
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
LoadIconA
SendMessageA
DrawIcon
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
wsprintfA
GetDlgItemTextW
GetWindow
DestroyMenu
InflateRect
MessageBeep
GetForegroundWindow
GetNextDlgGroupItem
GetWindowLongA
SetDlgItemTextW
SetParent
ShowWindow
SetWindowRgn
EnableWindow
SetWindowLongA
MessageBoxW
IsIconic
GetSystemMetrics
DefDlgProcA
IsWindowUnicode
GetClientRect
LoadStringA
GetSysColorBrush
PtInRect
GetClassNameA
GetDesktopWindow
LoadCursorA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
GetDlgItemTextA
ModifyMenuA
CopyAcceleratorTableA
GetWindowPlacement

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
SetViewportOrgEx
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
PatBlt
CreateBitmap
CreatePolygonRgn
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateRectRgn

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoInitialize
CoCreateInstance
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize

oleaut32

SysAllocStringLen
SysFreeString
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType
SysAllocStringByteLen
SysStringLen
SysAllocString

Exports

Exports

DllRegisterServer

Sections

.text
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

DATA
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
7a91436b7a51dfd164632e7da459c4fb35f8edfea1dea8c438ee75e3f2e0400c
.dll windows x86

c900f0b45b7574481cc6a21428393566

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationW
TlsSetValue
RemoveDirectoryW
GetTempPathW
CreateFileW
GetVersionExW
GetSystemDirectoryW
FindFirstChangeNotificationW
OpenProcess
TlsAlloc
FindResourceW
GetCurrentDirectoryW
VirtualProtectEx
GetWindowsDirectoryW
GetModuleHandleW
GetSystemTime
QueryPerformanceCounter
GetDateFormatW
WriteConsoleW
SetEndOfFile
HeapReAlloc
HeapSize
GetStringTypeW
ReadConsoleW
ReadFile
SetStdHandle
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
HeapFree
CloseHandle
HeapAlloc
GetStdHandle
GetFileType
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
DecodePointer

ws2_32

socket
getprotobynumber
send
WSAStartup
htons
recvfrom
getservbyname
setsockopt
getservbyport
recv
ntohs
WSACleanup
getsockopt

winspool.drv

OpenPrinterW
GetPrinterW
ClosePrinter
DocumentPropertiesW
DeletePrinterConnectionW
EnumPrintersW

Exports

Exports

Black
Bloodbroad
Callnation
Foresthome
JumpCreate
Lightwind
Rockline
Subtractmost

Sections

.text
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 319KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8f5843efe1c817ec78ecc53206b70df0badb70dda8cfdb18fefd2ab9bff0e9d4
.dll regsvr32 windows x86

a89679aec70fab3dbac762460558a4bc

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_ntoa

psapi

GetModuleFileNameExW

msvcrt

_time64
strtod
_HUGE
localeconv
strchr
strncpy
malloc
free
qsort
memcpy
memmove
memset
atol
_vsnwprintf
_snprintf
_vsnprintf
_strtoi64
memchr
_errno

kernel32

lstrcmpA
lstrlenA
lstrcpynA
GetCurrentProcess
GetCurrentThread
MultiByteToWideChar
GetExitCodeThread
GetOEMCP
CreateMutexA
DuplicateHandle
GetCurrentProcessId
GetLastError
lstrcatA
CreateDirectoryW
DisconnectNamedPipe
lstrcpynW
GetProcessId
CopyFileW
lstrcatW
DeleteFileW
lstrcpyW
lstrcmpiW
CloseHandle
GetDriveTypeW
GetModuleHandleA
lstrlenW
MoveFileW
GetProcAddress
SwitchToThread
InterlockedIncrement
SetThreadPriority
HeapAlloc
HeapFree
HeapCreate
WideCharToMultiByte
FreeLibrary
GetSystemTimeAsFileTime
SetLastError
lstrcmpiA
LoadLibraryA
GetExitCodeProcess
CreatePipe
GetWindowsDirectoryW
FindFirstFileW
FindNextFileW
SetFileAttributesW
FlushFileBuffers
LocalAlloc
LoadLibraryW
GetTickCount
GetModuleFileNameW
GetSystemInfo
GetVersionExA

user32

CreateWindowExA
CharUpperBuffW
CharUpperBuffA
GetSystemMetrics
RegisterClassExA
DestroyWindow
DefWindowProcA
UnregisterClassA

advapi32

GetSidSubAuthority
OpenProcessToken
RegSetValueExW
RegQueryValueExW
IsTextUnicode
RegDeleteValueA
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
RegUnLoadKeyW
RegLoadKeyW
ConvertSidToStringSidW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
LookupAccountNameW
LookupAccountSidW
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket

oleaut32

SafeArrayGetUBound
SysAllocString
SysFreeString
SafeArrayGetElement
SafeArrayDestroy
VariantClear
SafeArrayGetLBound

userenv

GetUserProfileDirectoryW

Exports

Exports

DllRegisterServer

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
98d07ae48bad89ce3395dd0a67deafc5a8dd941b151b03cca0dbdfef033bbf0b
.dll windows x86

ef258cd2a69e4871222e8a6651dd9af8

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualProtect
GetCurrentThread
lstrcmpA

user32

SetWindowPos
ShowCursor
ShowWindow

ole32

CoCreateGuid
OleUninitialize
CoFreeUnusedLibraries
CoGetCurrentProcess
CoGetCurrentLogicalThreadId
CoFileTimeNow
CoGetContextToken
OleInitialize

gdi32

GdiGetBitmapBitsSize

advapi32

SystemFunction003

imagehlp

FindFileInPath

msimg32

AlphaBlend

version

GetFileVersionInfoSizeA

winmm

auxGetVolume

winspool.drv

AddPortW

comctl32

GetEffectiveClientRect

oledlg

OleUIPromptUserW

comdlg32

GetFileTitleA

gdiplus

GdipImageSelectActiveFrame

shell32

SHFileOperationA

shlwapi

SHRegSetUSValueA

oleaut32

SysAllocString

Exports

Exports

GetClass
SetClass

Sections

.text
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdatat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 20KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
9c5c2af628233f118a88fb03f859e0f92f4393c8dd7c8204afe15af161f568c7
.dll windows x86

aaed1872b64a7ab7a4258d3c66cff7a0

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualProtect
GetCurrentThread
lstrcmpA
CreateTapePartition

imagehlp

MapAndLoad
FindFileInSearchPath
SymSetContext

comdlg32

FindTextW

gdi32

GetICMProfileA
FrameRgn
GetStretchBltMode

comctl32

FreeMRUList

version

VerFindFileA
GetFileVersionInfoA

oleaut32

SafeArraySetRecordInfo
VarI8FromUI8

oledlg

OleUIChangeIconA
OleUIChangeSourceW

user32

LoadMenuIndirectA

shell32

RestartDialogEx
StrStrIA

advapi32

CreatePrivateObjectSecurityEx
GetAclInformation

winmm

midiStreamPause

oleacc

IID_IAccessible
AccessibleChildren

ole32

ComPs_NdrDllGetClassObject
DllGetClassObject
CoDeactivateObject
DllRegisterServer

msimg32

DllInitialize

shlwapi

StrFromTimeIntervalA

winspool.drv

AddPrinterDriverA
FreePrinterNotifyInfo

Exports

Exports

GetClass

Sections

.text
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdatat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9e00cf7d03bf640ddd50390008308926ae82f906ece239e65f628182086e030d
.dll windows x86

ef258cd2a69e4871222e8a6651dd9af8

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualProtect
GetCurrentThread
lstrcmpA

user32

SetWindowPos
ShowCursor
ShowWindow

ole32

CoCreateGuid
OleUninitialize
CoFreeUnusedLibraries
CoGetCurrentProcess
CoGetCurrentLogicalThreadId
CoFileTimeNow
CoGetContextToken
OleInitialize

gdi32

GdiGetBitmapBitsSize

advapi32

SystemFunction003

imagehlp

FindFileInPath

msimg32

AlphaBlend

version

GetFileVersionInfoSizeA

winmm

auxGetVolume

winspool.drv

AddPortW

comctl32

GetEffectiveClientRect

oledlg

OleUIPromptUserW

comdlg32

GetFileTitleA

gdiplus

GdipImageSelectActiveFrame

shell32

SHFileOperationA

shlwapi

SHRegSetUSValueA

oleaut32

SysAllocString

Exports

Exports

GetClass
SetClass

Sections

.text
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdatat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 20KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
9e7db9c87fc4374a2c88cc5f1bdc540205e161423010b2ee826b88b7b3503f2b
.dll windows x86

2d8b5b7f7bbbd24042bffc41ef959fd0

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
LoadLibraryA
VirtualAlloc
VirtualProtect
GetProcAddress
lstrlenA
lstrcatA

imagehlp

SymGetLinePrev64

gdiplus

GdipIsEmptyRegion

advapi32

FreeEncryptionCertificateHashList

Exports

Exports

DllRegister

Sections

.code
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 81B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdataf
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
c91d53d89ad9c476b5b43cfb1c169e2620b1244df5ffb9a9e0d1654cd6a105e6
.dll regsvr32 windows x86

2ac7a340a3aa040cc3a8e404720833a5

Code Sign

88:15:73:fc:67:ff:73:95:dd:e5:bc:cf:bc:e5:b0:88
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2021 00:00

Not After

03-05-2022 23:59

Subject

CN=Trade in Brasil s.r.o.,O=Trade in Brasil s.r.o.,L=mestská časť Nové Mesto,ST=Bratislavský kraj,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:94:21:d5:73:3f:a0:f0:15:d7:4f:2e:ed:9f:5f:9c:b8:36:54:53
Signer

Actual PE Digest

70:94:21:d5:73:3f:a0:f0:15:d7:4f:2e:ed:9f:5f:9c:b8:36:54:53

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Trade in Brasil s.r.o.,O=Trade in Brasil s.r.o.,L=mestská časť Nové Mesto,ST=Bratislavský kraj,C=SK

12-03-2022 14:42
Valid: true

Chain 1

CN=Trade in Brasil s.r.o.,O=Trade in Brasil s.r.o.,L=mestská časť Nové Mesto,ST=Bratislavský kraj,C=SK

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=Trade in Brasil s.r.o.,O=Trade in Brasil s.r.o.,L=mestská časť Nové Mesto,ST=Bratislavský kraj,C=SK

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptGetHashParam
CryptHashData
CryptImportKey
CryptReleaseContext

gdi32

AbortDoc
BitBlt
ChoosePixelFormat
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
CreateFontW
CreatePatternBrush
CreateSolidBrush
DeleteDC
DeleteObject
EndDoc
EndPage
GetCharABCWidthsW
GetCharWidth32W
GetClipBox
GetDeviceCaps
GetObjectW
GetStockObject
GetTextFaceW
GetTextMetricsW
RestoreDC
SaveDC
SelectObject
SetBkColor
SetBkMode
SetDIBits
SetMapMode
SetPixelFormat
SetStretchBltMode
SetTextColor
StartDocW
StartPage
StretchBlt
SwapBuffers

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateMutexW
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsA
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepEx
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VerSetConditionMask
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_beginthreadex
_cexit
_chdir
_chmod
_close
_endthreadex
_errno
_findclose
_findfirst
_findnext
_fstati64
_fullpath
_getcwd
_initterm
_iob
_lock
_lseeki64
_mkdir
_onexit
_open
_putws
_putenv
_rmdir
_read
_setjmp3
_stat
_stati64
_strdup
_sys_nerr
_ultoa
_unlock
_utime
_vsnprintf
_vsnwprintf
_wchdir
_wchmod
_wfindfirst
_wfindnext
_wfopen
_wfullpath
_wgetcwd
_wgetenv
_wmkdir
_wputenv
_wremove
_wrename
_wrmdir
_write
_wstat
abort
atof
atoi
calloc
exit
fclose
feof
ferror
fflush
fgets
fgetwc
fopen
fprintf
fputc
fputs
fputws
fread
free
fseek
ftell
fwrite
getc
getchar
getenv
gmtime
isalnum
isalpha
isgraph
islower
isprint
isspace
isupper
isxdigit
rename
mktime
localtime
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
puts
qsort
rand
realloc
remove
srand
setlocale
signal
strchr
strcmp
strcpy
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strstr
strtol
strtoul
time
tolower
toupper
ungetc
vfprintf
wcscat
wcscpy
wcslen

ole32

IIDFromString
OleCreate
OleInitialize
OleSetContainedObject

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

shell32

DragAcceptFiles
DragFinish
DragQueryFileW
DragQueryPoint
SHBrowseForFolderA
SHBrowseForFolderW
SHGetPathFromIDListA
SHGetPathFromIDListW
ShellExecuteA
ShellExecuteW
Shell_NotifyIconW

user32

AdjustWindowRect
AdjustWindowRectEx
AppendMenuW
BeginDeferWindowPos
CallNextHookEx
CallWindowProcA
CallWindowProcW
ChangeDisplaySettingsA
CheckMenuItem
ClientToScreen
CloseClipboard
CopyImage
CopyRect
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefDlgProcW
DefWindowProcA
DefWindowProcW
DeferWindowPos
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawFocusRect
DrawFrameControl
DrawMenuBar
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDeferWindowPos
EnumChildWindows
EnumDisplaySettingsA
EnumWindows
FillRect
FrameRect
GetActiveWindow
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDesktopWindow
GetFocus
GetForegroundWindow
GetKeyState
GetMenu
GetMenuItemCount
GetParent
GetScrollPos
GetSysColor
GetSystemMetrics
GetUpdateRect
GetWindowInfo
GetWindowLongA
GetWindowLongW
GetWindowModuleFileNameW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InvalidateRect
IsClipboardFormatAvailable
IsDialogMessageA
IsIconic
IsRectEmpty
IsZoomed
LoadCursorA
LoadCursorW
LoadIconW
MessageBoxA
MessageBoxW
MoveWindow
MsgWaitForMultipleObjects
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostMessageW
PostThreadMessageA
RedrawWindow
RegisterClassA
RegisterClassExA
RegisterClassExW
RegisterClassW
RegisterHotKey
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageA
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuInfo
SetMenuItemBitmaps
SetMenuItemInfoW
SetScrollPos
SetWindowLongA
SetWindowLongW
SetWindowPos
SetWindowTextW
SetWindowsHookExA
SetWindowsHookExW
ShowCursor
ShowWindow
TrackPopupMenu
TranslateMessage
UnhookWindowsHookEx
UnregisterHotKey
ValidateRect

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime
timeKillEvent
timeSetEvent

Exports

Exports

DllRegisterServer

Sections

.text
Size: 893KB - Virtual size: 892KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

code
Size: 427KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_WRITE

.rdata
Size: 698KB - Virtual size: 698KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
c98c34178894f01bbcf6dcc7154a0b65f9045d7a11fe27f2eb01101fef67c6a0
.dll windows x86

6527345f9aee9363b094aad01304de88

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualProtect
GetCurrentThread

user32

CheckDlgButton
GetCursorInfo
CheckMenuRadioItem
GetCaretBlinkTime
CheckRadioButton
GetCapture
CheckMenuItem

ole32

CoCreateGuid
CoGetCurrentLogicalThreadId
CoFileTimeNow
OleUninitialize
CoGetContextToken
CoFreeUnusedLibraries
CoGetCurrentProcess
OleInitialize

advapi32

LsaOpenTrustedDomain

Sections

.text
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 64.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e87360bc36b4fbf62b0b29c6e906fedecba483c397bd6fbf5e9a2f4dee9e9f26
.dll regsvr32 windows x86

Code Sign

42:5d:c3:e0:ca:8b:cd:ce:19:d0:0d:87:e3:f0:ba:28
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

25-05-2022 23:59

Subject

CN=Protover LLC,O=Protover LLC,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:8c:87:74:31:a5:87:f3:24:8e:cb:37:cf:91:b9:1d:35:a3:21:dd
Signer

Actual PE Digest

52:8c:87:74:31:a5:87:f3:24:8e:cb:37:cf:91:b9:1d:35:a3:21:dd

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Protover LLC,O=Protover LLC,L=Moscow,C=RU

12-03-2022 14:42
Valid: true

Chain 1

CN=Protover LLC,O=Protover LLC,L=Moscow,C=RU

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=Protover LLC,O=Protover LLC,L=Moscow,C=RU

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllRegisterServer

Sections

CODE
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 18B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 602KB - Virtual size: 602KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fiann
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f4edef76d06834247d58f673e162e76b4ee34d1e5e2220f10b1833190e0810a5
.dll windows x86

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 565KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 402KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

Password: infected

b57a9ed9a0d4e3ddadf6376595cf1312

Code Sign

e9:53:ad:a7:e8:f1:43:8e:5f:76:80:ff:59:9a:e4:3eCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

01Certificate

Key Usages

bc:e9:aa:9e:a7:fc:ff:f4:6a:be:d0:62:0a:83:54:d4:09:3f:95:c6Signer

Signature Validations

Verification

12-03-2022 14:42 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

oledlg

ole32

oleaut32

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 138KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 16KB - Virtual size: 13KB

.reloc Size: 28KB - Virtual size: 24KB

DATA Size: 224KB - Virtual size: 224KB

Code Sign

Headers

File Characteristics

Sections

CODE Size: 500KB - Virtual size: 499KB

DATA Size: 6KB - Virtual size: 5KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 9KB

.reloc Size: 34KB - Virtual size: 34KB

.rsrc Size: 295KB - Virtual size: 295KB

Code Sign

Headers

File Characteristics

Sections

CODE Size: 312KB - Virtual size: 312KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 7KB

.reloc Size: 22KB - Virtual size: 22KB

.rsrc Size: 149KB - Virtual size: 149KB

Code Sign

c3:18:d8:76:76:82:58:a6:96:ab:9d:d8:25:e2:7a:cdCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

01Certificate

Key Usages

13:53:be:3c:b9:88:6c:2d:53:97:4a:71:90:a0:60:bb:6f:bf:40:4bSigner

Signature Validations

Verification

12-03-2022 14:42 Valid: false

Headers

File Characteristics

Sections

e9:53:ad:a7:e8:f1:43:8e:5f:76:80:ff:59:9a:e4:3e
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

01
Certificate

bc:e9:aa:9e:a7:fc:ff:f4:6a:be:d0:62:0a:83:54:d4:09:3f:95:c6
Signer

12-03-2022 14:42
Valid: false

.text
Size: 140KB - Virtual size: 138KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 16KB - Virtual size: 13KB

.reloc
Size: 28KB - Virtual size: 24KB

DATA
Size: 224KB - Virtual size: 224KB

CODE
Size: 500KB - Virtual size: 499KB

DATA
Size: 6KB - Virtual size: 5KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.reloc
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 295KB - Virtual size: 295KB

CODE
Size: 312KB - Virtual size: 312KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 7KB

.reloc
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 149KB - Virtual size: 149KB

c3:18:d8:76:76:82:58:a6:96:ab:9d:d8:25:e2:7a:cd
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

01
Certificate

13:53:be:3c:b9:88:6c:2d:53:97:4a:71:90:a0:60:bb:6f:bf:40:4b
Signer

12-03-2022 14:42
Valid: false

CODE
Size: 838KB - Virtual size: 838KB

DATA
Size: 14KB - Virtual size: 13KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.reloc
Size: 63KB - Virtual size: 63KB

.rsrc
Size: 219KB - Virtual size: 219KB

.text
Size: 194KB - Virtual size: 194KB

.data
Size: 2KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 64.0MB

.rsrc
Size: 89KB - Virtual size: 88KB

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 61KB - Virtual size: 60KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 20B

.rsrc
Size: 196KB - Virtual size: 195KB

.reloc
Size: 8KB - Virtual size: 8KB