9c05e81a7303c6f96b003037a7d6d870a10bfcec71661e9366208ede9e78d3d6

Sharing

Copy URL

Twitter E-mail

General

Target

9c05e81a7303c6f96b003037a7d6d870a10bfcec71661e9366208ede9e78d3d6
Size

1.0MB
MD5

bf042bf7ccded3a365004b473189dc2a
SHA1

f856c4bc98f2c830f447813b1f63694daa50ba6e
SHA256

9c05e81a7303c6f96b003037a7d6d870a10bfcec71661e9366208ede9e78d3d6
SHA512

d9af606ffa54e9080a524d111f053a3394b1aed078132a185ac1277706184c7b3333e7a204da1f31b018f0a44a94b32b9f844878bc8cb945ba900670eeb514ee
SSDEEP

24576:kIdZ5QmZKucM/rAv60vS/nN6n+PUvuWbh:kIdZ5l8wLn8nQMh

Score

N/A

Malware Config

Signatures

Files

9c05e81a7303c6f96b003037a7d6d870a10bfcec71661e9366208ede9e78d3d6
.zip
Memo.xls
.xls windows office2003
TABCTL32.OCX
.dll regsvr32 windows x86

aa8b0ec5b7d56e08d6614ae243221096

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetStringTypeW
GetStringTypeA
VirtualAlloc
LCMapStringW
LCMapStringA
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
ExitProcess
RaiseException
GetOEMCP
GetACP
GetCPInfo
GetModuleHandleA
GetCommandLineA
lstrcpynA
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
FindResourceA
LoadResource
LockResource
GetLastError
InterlockedDecrement
InterlockedIncrement
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
GetModuleFileNameA
MultiByteToWideChar
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
lstrcmpiA
lstrlenA
GlobalSize
IsDBCSLeadByte
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
HeapAlloc
lstrcpyA
EnterCriticalSection
HeapReAlloc
lstrcmpA
GetProcessHeap
InitializeCriticalSection
lstrcatA

user32

SetFocus
MoveWindow
GetWindow
ShowWindow
IsWindowEnabled
PtInRect
IsWindowVisible
GetParent
SetWindowRgn
GetSysColor
CopyRect
DrawFocusRect
DestroyWindow
GetWindowDC
GetWindowRect
CreateWindowExA
SetWindowLongA
CallWindowProcA
GetWindowLongA
SetRectEmpty
SetWindowPos
OffsetRect
WinHelpA
GetNextDlgTabItem
CharNextA
GetClipboardFormatNameA
ScreenToClient
MapWindowPoints
SetCursorPos
RegisterClipboardFormatA
UnregisterClassA
InvalidateRect
ReleaseCapture
CreateDialogIndirectParamA
IsChild
SetParent
EndPaint
IsDialogMessageA
FillRect
InflateRect
EndDialog
GetActiveWindow
DialogBoxParamA
GetCursorPos
LockWindowUpdate
EqualRect
IsWindow
MessageBeep
MessageBoxA
GetDlgItemInt
GetDlgItemTextA
IsDlgButtonChecked
SendDlgItemMessageA
SetDlgItemTextA
SetDlgItemInt
CheckDlgButton
GetDlgItem
wsprintfA
GetKeyState
DefWindowProcA
SetCursor
PeekMessageA
SendMessageA
GetFocus
GetDC
ReleaseDC
SetRect
IsCharAlphaNumericA
VkKeyScanA
CreateAcceleratorTableA
EnableWindow
LoadCursorA
RegisterClassA
DestroyAcceleratorTable
LoadStringA
GetSystemMetrics
ClientToScreen
GetClientRect
BeginPaint
IntersectRect

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateOleAdviseHolder
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
OleSaveToStream
OleLoadFromStream

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SysAllocStringLen
OleCreatePropertyFrame
LoadTypeLi
SafeArrayCopy
SafeArrayRedim
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopyInd
VariantCopy
LoadTypeLibEx
UnRegisterTypeLi
RegisterTypeLi
CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantInit
SysStringLen
OleTranslateColor
GetErrorInfo
OleLoadPicture
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
OleCreatePictureIndirect
SysAllocString
SysFreeString

gdi32

LPtoDP
GetViewportExtEx
CreateRectRgnIndirect
GetWindowExtEx
SetMapMode
GetNearestColor
CreatePalette
GetBitmapBits
CreateDIBitmap
GetDIBits
CopyEnhMetaFileA
CopyMetaFileA
CreateDCA
SetWindowOrgEx
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
GetDeviceCaps
DeleteDC
DeleteObject
StretchBlt
SelectObject
CreateBitmap
CreateCompatibleDC
RealizePalette
SelectPalette
GetOutlineTextMetricsA
BitBlt
CreateCompatibleBitmap
SetTextColor
SetBkColor
CreateRectRgn
CreateFontIndirectA
GetObjectA
SelectClipRgn
CombineRgn
CreatePolygonRgn
SetBkMode
CreatePen
TextOutA
GetTextColor
LineTo
MoveToEx
GetTextExtentPoint32A
GetCharWidthA
GetCurrentPositionEx
SetTextAlign
GetStockObject
CreateSolidBrush
OffsetRgn
SetBrushOrgEx
UnrealizeObject
CreateICA
GetPaletteEntries

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt
steam明星志愿3自动过场小工具（快捷键F9开启关闭）.exe
.exe windows x64

2004a5f6f543f8c26e144c1ceb66f943

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wsock32

gethostbyname
inet_addr
WSACleanup
gethostname
WSAStartup

winmm

mixerGetLineInfoW
mixerGetDevCapsW
mixerOpen
mciSendStringW
joyGetPosEx
mixerGetLineControlsW
mixerGetControlDetailsW
mixerSetControlDetails
waveOutGetVolume
mixerClose
waveOutSetVolume
joyGetDevCapsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

ImageList_Create
CreateStatusWindowW
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_Destroy
ImageList_AddMasked

psapi

GetProcessImageFileNameW
GetModuleBaseNameW
GetModuleFileNameExW

wininet

InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetReadFileExA
InternetReadFile

kernel32

GetModuleFileNameW
GetSystemTimeAsFileTime
FindResourceW
SizeofResource
LoadResource
LockResource
GetFullPathNameW
GetShortPathNameW
FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableW
Beep
MoveFileW
OutputDebugStringW
CreateProcessW
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetEnvironmentVariableW
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceExW
SetVolumeLabelW
CreateFileW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceW
GetCurrentDirectoryW
CreateDirectoryW
ReadFile
WriteFile
DeleteFileW
SetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
DeleteCriticalSection
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetSystemWindowsDirectoryW
GetTempPathW
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceW
CompareStringW
RemoveDirectoryW
CopyFileW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
IsWow64Process
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
GlobalSize
HeapReAlloc
EncodePointer
HeapFree
DecodePointer
ExitProcess
HeapAlloc
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCPInfo
GetVersionExW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
CreateMutexW
CloseHandle
GetExitCodeThread
SetThreadPriority
CreateThread
GetStringTypeExW
lstrcmpiW
GetCurrentThreadId
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
SetErrorMode
InitializeCriticalSection
SetCurrentDirectoryW
Sleep
GetTickCount
MulDiv
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
InitializeCriticalSectionAndSpinCount
HeapSize
HeapQueryInformation
GetCommandLineW
GetStartupInfoW
RtlUnwindEx
SetHandleCount
GetStringTypeW
RaiseException
RtlPcToFileHeader
LCMapStringW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetOEMCP
SetFilePointer
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetFileSizeEx
GetProcessHeap

user32

MessageBeep
ClientToScreen
GetCursorInfo
GetLastInputInfo
GetSystemMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringW
ExitWindowsEx
SetMenu
FlashWindow
GetPropW
SetPropW
RemovePropW
MapWindowPoints
RedrawWindow
SetWindowLongPtrW
SetParent
GetClassInfoExW
DefDlgProcW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongPtrW
CallWindowProcW
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamW
GetWindowLongPtrW
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoW
IsMenu
GetMenuItemInfoW
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuW
DestroyMenu
TrackPopupMenuEx
GetDesktopWindow
CopyImage
CreateIconIndirect
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
MessageBoxW
GetTopWindow
GetQueueStatus
SetDlgItemTextW
LoadAcceleratorsW
EnableMenuItem
GetMenu
CreateWindowExW
RegisterClassExW
LoadCursorW
DestroyIcon
IsCharAlphaW
IsZoomed
VkKeyScanExW
MapVirtualKeyExW
GetKeyboardLayoutNameW
ActivateKeyboardLayout
GetGUIThreadInfo
GetWindowTextW
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharAlphaNumericW
IsCharUpperW
IsCharLowerW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
GetDC
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
ShowWindow
CountClipboardFormats
SetWindowLongW
ScreenToClient
IsDialogMessageW
GetDlgItem
SendDlgItemMessageW
DialogBoxParamW
SetForegroundWindow
DefWindowProcW
FillRect
DrawIconEx
GetSysColorBrush
GetSysColor
RegisterWindowMessageW
GetMonitorInfoW
EnumDisplayMonitors
SetClipboardViewer
IsIconic
SendMessageW
IsWindowEnabled
GetWindowLongW
GetKeyState
TranslateAcceleratorW
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
EnumWindows
GetWindowTextLengthW
EnableWindow
InvalidateRect
SetLayeredWindowAttributes
SetWindowPos
SetWindowRgn
SetFocus
SetActiveWindow
EnumChildWindows
MoveWindow
GetWindowRect
GetClientRect
SystemParametersInfoW
AdjustWindowRectEx
DrawTextW
SetRect
GetIconInfo
SetWindowTextW
IsWindowVisible
BlockInput
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
CharUpperW
IsClipboardFormatAvailable
CheckMenuItem
LoadImageW
MapVirtualKeyW
ChangeClipboardChain
DestroyWindow

gdi32

GetPixel
GetClipRgn
GetCharABCWidthsW
SetBkMode
CreatePatternBrush
SetBrushOrgEx
EnumFontFamiliesExW
CreateDIBSection
GdiFlush
SetBkColor
ExcludeClipRect
SetTextColor
GetClipBox
BitBlt
CreateCompatibleBitmap
GetSystemPaletteEntries
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectObject
GetStockObject
CreateDCW
CreateSolidBrush
CreateFontW
FillRgn
GetDeviceCaps
DeleteObject

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
GetUserNameW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegConnectRegistryW
RegDeleteValueW

shell32

DragQueryPoint
SHEmptyRecycleBinW
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
DragQueryFileW
ExtractIconW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SafeArrayGetLBound
GetActiveObject
SysStringLen
OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetUBound
VariantCopyInd
SafeArrayCopy
SysAllocString
VariantChangeType
VariantClear
SafeArrayCreate
SysFreeString

Sections

.text
Size: 883KB - Virtual size: 882KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
steam明星志愿3花样修改器v1.5.8.exe
.exe windows x86

8224edb4133eabd2bf59405ff819e431

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582
__vbaVarSub
__vbaVarTstGt
ord583
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFpCDblR4
__vbaFreeVar
__vbaAryMove
ord588
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
ord698
__vbaFreeObjList
__vbaLineInputVar
_adj_fprem1
__vbaResume
__vbaStrCat
__vbaVarCmpNe
ord553
__vbaSetSystemError
__vbaHresultCheckObj
ord662
__vbaLenBstrB
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaVarCmpGe
__vbaExitProc
__vbaVarForInit
ord300
ord301
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
__vbaFpR4
ord306
ord307
ord309
__vbaVarTstLt
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaErase
__vbaVarCmpGt
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord528
__vbaGenerateBoundsError
__vbaVarAbs
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaDateR8
__vbaI2I4
DllFunctionCall
__vbaVarOr
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
__vbaNew
ord601
_CIsqrt
ord310
__vbaLateIdCallSt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord312
__vbaStrToUnicode
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord608
__vbaVarCmpLe
ord531
ord716
__vbaFPException
ord717
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaI2Var
ord645
ord538
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaVar2Vec
__vbaR8Str
__vbaVarLateMemCallLdRf
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord573
ord681
__vbaI4Str
__vbaFreeStrList
__vbaVarCmpLt
ord576
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord578
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
ord612
ord614
__vbaVarMod
__vbaVarCopy
__vbaFpI4
__vbaVarLateMemCallLd
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaR8IntI4
__vbaStrVarCopy
ord542
ord543
_allmul
__vbaFpCSngR4
__vbaLateIdSt
ord544
ord545
_CItan
ord546
__vbaAryUnlock
__vbaFPInt
__vbaUI1Var
ord547
__vbaFpCSngR8
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vsflex8u.ocx
.dll regsvr32 windows x86

39eb146e41e65e767f5c648ace29a315

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2009 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0a:47:15:fb:46:18:1c:86:18:42:4d:ea:cd:9f:27:33
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23-09-2005 00:00

Not After

23-09-2006 23:59

Subject

CN=ComponentOne,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ComponentOne,L=Pittsburgh,ST=PA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsFree
TlsAlloc
TlsSetValue
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
WriteFile
TerminateProcess
ExitProcess
ReadFile
SetEndOfFile
SetStdHandle
SetLastError
GetStdHandle
SetHandleCount
SetFilePointer
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
DeleteFileA
MoveFileA
HeapFree
HeapAlloc
CreateFileA
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
CloseHandle
TlsGetValue
HeapSize
GetTimeZoneInformation
LCMapStringA
LCMapStringW
RaiseException
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
FlushFileBuffers
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
LoadLibraryA
CompareStringA
SetEnvironmentVariableA
LocalAlloc
InterlockedExchange
GetSystemTime
GetCurrencyFormatW
CompareStringW
GetLocaleInfoW
GetVersion
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
DisableThreadLibraryCalls
lstrcmpiW
LoadLibraryExW
GetLastError
FindResourceW
LoadResource
SizeofResource
GetModuleFileNameW
GetModuleHandleW
GetShortPathNameW
GetTempPathW
GetTempFileNameW
lstrcatW
MulDiv
GlobalFree
GetVersionExW
Sleep
GlobalUnlock
lstrcpynW
GetTickCount
GetProfileIntW
lstrcpyW
lstrcmpW
FreeLibrary
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
GetProcAddress
InterlockedIncrement
MultiByteToWideChar
GlobalSize
lstrlenW
lstrlenA
IsDBCSLeadByte
WideCharToMultiByte
GlobalAlloc
GlobalLock
GetStartupInfoA

user32

GetDC
GetParent
wsprintfW
IsWindowEnabled
GetFocus
OffsetRect
GetWindowRect
GetClientRect
ScreenToClient
SendMessageW
ReleaseDC
SetRect
GetSysColor
SetScrollInfo
GetSystemMetrics
GetScrollInfo
IsWindow
ScrollWindow
GetKeyState
CharNextW
InflateRect
DrawTextW
CharNextA
InvalidateRect
DrawFocusRect
SetClassLongW
GetClassLongW
UnionRect
RegisterClassExW
GetClassInfoExW
SetWindowRgn
EqualRect
EndPaint
BeginPaint
GetWindow
WindowFromDC
CloseClipboard
MessageBoxW
LoadStringW
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
IsCharAlphaW
GetDlgCtrlID
EnumChildWindows
EndDialog
DialogBoxParamW
GetDesktopWindow
GetDlgItem
LoadCursorW
LoadIconW
LoadBitmapW
RegisterWindowMessageW
DestroyCursor
DestroyIcon
SetWindowPos
CreateWindowExW
CallWindowProcW
DefWindowProcW
GetSysColorBrush
FrameRect
DrawFrameControl
IntersectRect
DrawIcon
IsChild
GetScrollRange
SystemParametersInfoW
ClientToScreen
GetWindowDC
DrawEdge
GetCapture
KillTimer
SetTimer
UpdateWindow
FillRect
SetCursor
SetCapture
InvertRect
ReleaseCapture
GetWindowTextW
DestroyWindow
HideCaret
EnableWindow
MessageBeep
SetWindowTextW
GetWindowLongW
SetWindowLongW
PostMessageW
GetWindowTextLengthW
ShowWindow
SetFocus
IsWindowVisible
MoveWindow
GetCursorPos
PtInRect
GetAsyncKeyState
PeekMessageW

gdi32

CreateCompatibleBitmap
GetObjectType
RectVisible
Polygon
LineTo
ExtTextOutW
ExcludeClipRect
SetStretchBltMode
StretchBlt
GetDIBits
StretchDIBits
CreateCompatibleDC
CreateBitmap
DeleteDC
GetStockObject
SelectPalette
RealizePalette
SetBkMode
SetTextColor
SetBkColor
CreateMetaFileW
SaveDC
SetWindowOrgEx
CloseEnhMetaFile
RestoreDC
CloseMetaFile
DeleteMetaFile
GetDeviceCaps
GetObjectW
SelectObject
DeleteObject
CreatePen
CreateSolidBrush
CreateDIBitmap
CopyEnhMetaFileW
CopyMetaFileW
CreateFontIndirectW
CreatePatternBrush
CreateRectRgnIndirect
SetViewportOrgEx
LPtoDP
CreateDCW
GetClipBox
SelectClipRgn
BitBlt
GetTextExtentPoint32W
CreateFontW
CreateEnhMetaFileW
GetTextColor
GetTextMetricsW
GetCurrentPositionEx
SetTextAlign
SetViewportExtEx
DPtoLP
SetMapMode
Rectangle
AbortDoc
EndDoc
EndPage
TextOutW
StartPage
StartDocW
SetWindowExtEx
MoveToEx
ResetDCW

comdlg32

PrintDlgW

advapi32

RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegEnumValueW
RegDeleteKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW

shell32

DragQueryFileW
ShellExecuteW

ole32

CreateStreamOnHGlobal
OleDuplicateData
StgCreateDocfile
StgOpenStorage
CLSIDFromString
CreateOleAdviseHolder
StringFromCLSID
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
OleLoadFromStream
OleSaveToStream
WriteClassStm
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateBindCtx
RevokeDragDrop
RegisterDragDrop
DoDragDrop
ProgIDFromCLSID
CoTaskMemFree
ReleaseStgMedium

oleaut32

OleLoadPicturePath
OleLoadPicture
VariantCopyInd
OleCreatePropertyFrame
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
VarUI4FromStr
SafeArrayDestroy
CreateErrorInfo
SetErrorInfo
OleCreateFontIndirect
OleTranslateColor
SafeArrayPutElement
SafeArrayGetElement
LoadRegTypeLi
SysAllocString
VariantChangeType
VariantCopy
SysAllocStringLen
SysFreeString
SysStringLen
OleCreatePictureIndirect
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear

comctl32

ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Draw
ord17

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 352KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa8b0ec5b7d56e08d6614ae243221096

Code Sign

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 135KB

.data Size: 14KB - Virtual size: 13KB

.rsrc Size: 39KB - Virtual size: 39KB

.reloc Size: 8KB - Virtual size: 7KB

2004a5f6f543f8c26e144c1ceb66f943

Headers

File Characteristics

Imports

wsock32

winmm

version

comctl32

psapi

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 883KB - Virtual size: 882KB

.rdata Size: 196KB - Virtual size: 195KB

.data Size: 20KB - Virtual size: 48KB

.pdata Size: 30KB - Virtual size: 30KB

text Size: 9KB - Virtual size: 9KB

data Size: 28KB - Virtual size: 27KB

.rsrc Size: 12KB - Virtual size: 12KB

8224edb4133eabd2bf59405ff819e431

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 232KB - Virtual size: 231KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 8KB - Virtual size: 4KB

39eb146e41e65e767f5c648ace29a315

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

0a:47:15:fb:46:18:1c:86:18:42:4d:ea:cd:9f:27:33Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

.text
Size: 136KB - Virtual size: 135KB

.data
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 883KB - Virtual size: 882KB

.rdata
Size: 196KB - Virtual size: 195KB

.data
Size: 20KB - Virtual size: 48KB

.pdata
Size: 30KB - Virtual size: 30KB

text
Size: 9KB - Virtual size: 9KB

data
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 232KB - Virtual size: 231KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 4KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

0a:47:15:fb:46:18:1c:86:18:42:4d:ea:cd:9f:27:33
Certificate

.text
Size: 352KB - Virtual size: 348KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 32KB - Virtual size: 311KB

.rsrc
Size: 164KB - Virtual size: 163KB

.reloc
Size: 28KB - Virtual size: 24KB