T-Clock[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

T-Clock.rar
Size

971KB
MD5

c286b0d3d5a5f268730a04ffba8634d6
SHA1

907e5d6777b95a3ef72f31cc8e3bcb81f83791fa
SHA256

25548ea550910ff0270d3996b5dce665df7d1afe36f53a1c0660a7d2085e296f
SHA512

5addb50027a7d40300022cfa061f4dfaf0aa33a0826681a788ab37c9c7a7b049940f16b02e23508fe55cc2b78fa4c5996c7f393a2bc8af8c28f7063024572fd3
SSDEEP

24576:REPerXictuEid8D1s+zM1XXMHE7C2osdMsCKFqNbdIXfEZXc:0VcYRd+1s+Ie4cKCLPIXN

Score

N/A

Malware Config

Signatures

Files

T-Clock.rar
.rar
T-Clock/.reset_portable.cmd
T-Clock/Clock.exe
.exe windows x86

48f105d818bece2e22bad8ffae8aecc0

Code Sign

44:4f:7c:46:7a:6d:37:a8:4b:57:2f:44:f5:59:a0:70
Certificate

Issuer

CN=White-Tiger

Not Before

12/01/2014, 14:56

Not After

31/12/2039, 23:59

Subject

CN=White-Tiger

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ef:9d:c6:c6:da:52:e5:6e:fb:71:29:27:a8:52:c3:95:12:f0:d8:d3
Signer

Actual PE Digest

ef:9d:c6:c6:da:52:e5:6e:fb:71:29:27:a8:52:c3:95:12:f0:d8:d3

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=White-Tiger

28/01/2018, 19:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
CheckTokenMembership
CreateWellKnownSid
DuplicateToken
GetTokenInformation
LookupPrivilegeValueW
OpenProcessToken

comctl32

InitCommonControlsEx
PropertySheetW

comdlg32

ChooseColorW
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW

dsound

DirectSoundCreate

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
CreateICA
CreatePatternBrush
CreateSolidBrush
DeleteDC
DeleteObject
EnumFontFamiliesExW
ExtTextOutW
GetDeviceCaps
GetObjectW
GetStockObject
GetTextMetricsW
Rectangle
SelectObject
SetBkColor
SetBkMode
SetBrushOrgEx
SetTextColor

kernel32

Beep
CloseHandle
CreateMutexW
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
EnumSystemLocalesW
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FreeConsole
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProfileStringW
GetStartupInfoW
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTickCount
GetUserDefaultLangID
GetVersion
GlobalAlloc
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MulDiv
OpenProcess
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
SetSystemPowerState
SetSystemTime
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

mpr

WNetConnectionDialog
WNetDisconnectDialog

msimg32

AlphaBlend

msvcrt

__dllonexit
__lconv_init
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_beginthread
_beginthreadex
_cexit
_endthread
_errno
_fmode
_gmtime64
_initterm
_iob
_lock
_ltow
_onexit
_snwprintf
_time64
_localtime64
_mktime64
_stricmp
_unlock
calloc
exit
fclose
fgets
fprintf
fputs
free
fseek
ftell
fwrite
malloc
memcpy
memmove
memset
rand
signal
sprintf
srand
strchr
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strtoul
_wcmdln
_wcsicmp
_wcsnicmp
_wfopen
_wtoi
abort
atoi
toupper
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcsstr
_wcsdup

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize

psapi

EmptyWorkingSet
GetModuleFileNameExW

shell32

SHBrowseForFolderW
SHEmptyRecycleBinW
SHGetFolderPathW
SHGetPathFromIDListW
SHQueryRecycleBinW

shlwapi

PathFileExistsW

user32

AllowSetForegroundWindow
CallWindowProcW
CheckDlgButton
CheckMenuItem
CheckRadioButton
CloseClipboard
CopyIcon
CreateDialogParamW
CreateWindowExW
DefWindowProcW
DeleteMenu
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawFocusRect
DrawIconEx
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
ExitWindowsEx
FillRect
FindWindowA
FindWindowExA
FindWindowW
GetAsyncKeyState
GetClassNameA
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetDlgItemTextW
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetLastInputInfo
GetMenuState
GetMessageW
GetParent
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InsertMenuItemW
InsertMenuW
InvalidateRect
IsDialogMessageW
IsDlgButtonChecked
IsWindow
IsWindowEnabled
KillTimer
LoadCursorW
LoadIconW
LoadImageW
LoadMenuW
LoadStringW
LockWorkStation
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjectsEx
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterHotKey
RegisterWindowMessageA
ReleaseDC
RemoveMenu
ReplyMessage
ScreenToClient
SendDlgItemMessageA
SendDlgItemMessageW
SendMessageA
SendMessageCallbackW
SendMessageW
SetActiveWindow
SetClipboardData
SetCursor
SetDlgItemInt
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenuItemBitmaps
SetMenuItemInfoW
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnregisterHotKey
wsprintfA
wsprintfW

winmm

mciSendStringW
mmioAscend
mmioClose
mmioDescend
mmioOpenW
mmioRead
waveOutClose
waveOutOpen
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
closesocket
gethostbyaddr
gethostbyname
getservbyname
getservbyport
htonl
htons
inet_addr
inet_ntoa
ntohl
ntohs
recvfrom
select
sendto
socket

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
T-Clock/Clock64.exe
.exe windows x64

27bdf5d9b52c29b3949c8c142770b8a2

Code Sign

44:4f:7c:46:7a:6d:37:a8:4b:57:2f:44:f5:59:a0:70
Certificate

Issuer

CN=White-Tiger

Not Before

12/01/2014, 14:56

Not After

31/12/2039, 23:59

Subject

CN=White-Tiger

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e0:cf:3a:72:45:1e:54:99:0f:0e:c7:95:8a:f4:f1:18:51:6f:33:49
Signer

Actual PE Digest

e0:cf:3a:72:45:1e:54:99:0f:0e:c7:95:8a:f4:f1:18:51:6f:33:49

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=White-Tiger

28/01/2018, 19:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
CheckTokenMembership
CreateWellKnownSid
DuplicateToken
GetTokenInformation
LookupPrivilegeValueW
OpenProcessToken

comctl32

InitCommonControlsEx
PropertySheetW

comdlg32

ChooseColorW
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW

dsound

DirectSoundCreate

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
CreateICA
CreatePatternBrush
CreateSolidBrush
DeleteDC
DeleteObject
EnumFontFamiliesExW
ExtTextOutW
GetDeviceCaps
GetObjectW
GetStockObject
GetTextMetricsW
Rectangle
SelectObject
SetBkColor
SetBkMode
SetBrushOrgEx
SetTextColor

kernel32

Beep
CloseHandle
CreateMutexW
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
EnumSystemLocalesW
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FreeConsole
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProfileStringW
GetStartupInfoW
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTickCount
GetUserDefaultLangID
GetVersion
GlobalAlloc
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MulDiv
OpenProcess
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetSystemPowerState
SetSystemTime
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

mpr

WNetConnectionDialog
WNetDisconnectDialog

msimg32

AlphaBlend

msvcrt

__C_specific_handler
__dllonexit
__iob_func
__lconv_init
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_beginthread
_beginthreadex
_cexit
_endthread
_errno
_fmode
_gmtime64
_initterm
_localtime64
_lock
_ltow
_mktime64
_onexit
_stricmp
_time64
_unlock
_wcmdln
_wcsicmp
_wcsnicmp
_wfopen
_wtoi
abort
atoi
calloc
exit
fclose
fgets
fprintf
fputs
free
fseek
ftell
fwrite
malloc
memcpy
memmove
memset
rand
signal
sprintf
srand
strchr
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strtoul
toupper
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcsstr
_snwprintf
_wcsdup

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize

psapi

EmptyWorkingSet
GetModuleFileNameExW

shell32

SHBrowseForFolderW
SHEmptyRecycleBinW
SHGetFolderPathW
SHGetPathFromIDListW
SHQueryRecycleBinW

shlwapi

PathFileExistsW

user32

AllowSetForegroundWindow
CallWindowProcW
CheckDlgButton
CheckMenuItem
CheckRadioButton
CloseClipboard
CopyIcon
CreateDialogParamW
CreateWindowExW
DefWindowProcW
DeleteMenu
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawFocusRect
DrawIconEx
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
ExitWindowsEx
FillRect
FindWindowA
FindWindowExA
FindWindowW
GetAsyncKeyState
GetClassNameA
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetDlgItemTextW
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetLastInputInfo
GetMenuState
GetMessageW
GetParent
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongPtrW
GetWindowLongW
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InsertMenuItemW
InsertMenuW
InvalidateRect
IsDialogMessageW
IsDlgButtonChecked
IsWindow
IsWindowEnabled
KillTimer
LoadCursorW
LoadIconW
LoadImageW
LoadMenuW
LoadStringW
LockWorkStation
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjectsEx
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterHotKey
RegisterWindowMessageA
ReleaseDC
RemoveMenu
ReplyMessage
ScreenToClient
SendDlgItemMessageA
SendDlgItemMessageW
SendMessageA
SendMessageCallbackW
SendMessageW
SetActiveWindow
SetClipboardData
SetCursor
SetDlgItemInt
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenuItemBitmaps
SetMenuItemInfoW
SetTimer
SetWindowLongPtrW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnregisterHotKey
wsprintfA
wsprintfW

winmm

mciSendStringW
mmioAscend
mmioClose
mmioDescend
mmioOpenW
mmioRead
waveOutClose
waveOutOpen
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
closesocket
gethostbyaddr
gethostbyname
getservbyname
getservbyport
htonl
htons
inet_addr
inet_ntoa
ntohl
ntohs
recvfrom
select
sendto
socket

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
T-Clock/T-Clock Help.rtf
.rtf
T-Clock/digital-7 (mono).ttf
T-Clock/digital-7.txt
T-Clock/misc/Options.exe
.exe windows x86

92d4076133db23f4a73e6abdfe1b5545

Code Sign

44:4f:7c:46:7a:6d:37:a8:4b:57:2f:44:f5:59:a0:70
Certificate

Issuer

CN=White-Tiger

Not Before

12/01/2014, 14:56

Not After

31/12/2039, 23:59

Subject

CN=White-Tiger

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cc:4d:bd:41:f2:ea:b4:8c:f3:70:2a:2e:60:98:be:a2:96:8a:c9:07
Signer

Actual PE Digest

cc:4d:bd:41:f2:ea:b4:8c:f3:70:2a:2e:60:98:be:a2:96:8a:c9:07

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=White-Tiger

28/01/2018, 19:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CheckTokenMembership
CreateWellKnownSid
DuplicateToken
GetTokenInformation
OpenProcessToken

comctl32

InitCommonControlsEx

gdi32

CreateCompatibleDC
CreateDIBSection
DeleteDC
GetStockObject
SelectObject
SetBkMode

kernel32

CloseHandle
CreateMutexW
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
FreeConsole
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
GetVersion
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
OpenProcess
Process32FirstW
Process32NextW
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__argv
__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_fmode
_initterm
_iob
_lock
_onexit
_snwprintf
_stricmp
_unlock
calloc
exit
fprintf
fputc
free
fwrite
getenv
malloc
memcpy
printf
putc
puts
signal
strchr
strlen
strncmp
strrchr
abort
atoi
toupper
vfprintf
wcsstr

psapi

GetModuleFileNameExW

user32

CallNextHookEx
CopyIcon
CreateDialogParamW
CreateWindowExA
CreateWindowExW
DestroyIcon
DestroyWindow
DialogBoxParamW
DrawIconEx
EnableWindow
EndDialog
GetClassNameA
GetDC
GetDlgCtrlID
GetDlgItem
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadIconW
LoadImageW
LoadStringW
MapDialogRect
MapWindowPoints
MessageBeep
MessageBoxW
PostMessageW
ReleaseDC
SendMessageW
SetActiveWindow
SetLayeredWindowAttributes
SetWindowLongW
SetWindowPos
SetWindowTextW
SetWindowsHookExW
ShowWindow
UnhookWindowsHookEx
UpdateWindow

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetStatusCallback
WinHttpSetTimeouts

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
T-Clock/misc/T-Clock.dll
.dll windows x86

1c1bad042c453c34e1ec6919f736ae81

Code Sign

44:4f:7c:46:7a:6d:37:a8:4b:57:2f:44:f5:59:a0:70
Certificate

Issuer

CN=White-Tiger

Not Before

12/01/2014, 14:56

Not After

31/12/2039, 23:59

Subject

CN=White-Tiger

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:6a:86:85:68:9b:40:3a:4b:7b:ab:3f:7e:99:23:98:90:3c:fe:21
Signer

Actual PE Digest

81:6a:86:85:68:9b:40:3a:4b:7b:ab:3f:7e:99:23:98:90:3c:fe:21

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=White-Tiger

28/01/2018, 19:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CheckTokenMembership
CreateWellKnownSid
DuplicateToken
GetTokenInformation
IsTextUnicode
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

gdi32

BitBlt
CreateBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
DPtoLP
DeleteDC
DeleteObject
EnumFontFamiliesExW
ExtTextOutW
GdiFlush
GetDeviceCaps
GetTextCharset
GetTextExtentPoint32W
GetTextMetricsW
SelectObject
SetBkMode
SetTextAlign
SetTextColor

kernel32

CloseHandle
CreateSemaphoreW
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
FreeConsole
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetShortPathNameW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatW
GetUserDefaultLangID
GetVersion
GetVersionExW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitializeCriticalSection
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
MulDiv
MultiByteToWideChar
OpenProcess
OpenSemaphoreW
Process32FirstW
Process32NextW
QueryPerformanceCounter
ReleaseSemaphore
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WritePrivateProfileStringW

msvcrt

__dllonexit
__setusermatherr
_amsg_exit
_beginthread
_errno
_fcvt
_gmtime64
_initterm
_iob
_lock
_ltow
_onexit
_snwprintf
_time64
_wstat64
_localtime64
_mktime64
_stricmp
_unlock
calloc
fclose
fgetwc
fprintf
fread
free
fwrite
malloc
memcpy
memset
rewind
strftime
strlen
strncmp
_wfopen
_wrename
_wtoi
_wunlink
abort
atoi
swscanf
toupper
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcsstr
_wcsdup

ole32

CoCreateInstance
RegisterDragDrop
RevokeDragDrop

psapi

GetModuleFileNameExW

shell32

DragQueryFileW
SHFileOperationW
ShellExecuteExW

user32

BeginPaint
CallNextHookEx
ChildWindowFromPointEx
CloseClipboard
CopyIcon
CreateDialogParamW
CreateWindowExW
DefWindowProcW
DestroyWindow
DrawIconEx
EmptyClipboard
EndPaint
FindWindowA
FindWindowExA
FindWindowExW
GetClassNameA
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetMessagePos
GetMonitorInfoW
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowRect
GetWindowThreadProcessId
InvalidateRect
IsWindow
KillTimer
LoadCursorW
LoadIconW
LoadStringW
MapWindowPoints
MessageBeep
MessageBoxIndirectW
MonitorFromPoint
MonitorFromWindow
OpenClipboard
PostMessageW
RegisterClassExW
RegisterClipboardFormatW
ReleaseDC
SendMessageW
SetActiveWindow
SetClipboardData
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetTimer
SetWindowLongW
SetWindowPos
SetWindowsHookExW
TrackMouseEvent
UnhookWindowsHookEx
UnregisterClassW
wsprintfW

Exports

Exports

SetupClockAPI

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
T-Clock/misc/T-Clock64.dll
.dll windows x64

718ab31282a6a7982fb359b71b2d2a28

Code Sign

44:4f:7c:46:7a:6d:37:a8:4b:57:2f:44:f5:59:a0:70
Certificate

Issuer

CN=White-Tiger

Not Before

12/01/2014, 14:56

Not After

31/12/2039, 23:59

Subject

CN=White-Tiger

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:f1:bf:f8:8e:32:7a:74:75:ab:5f:1d:cb:a3:0b:9c:b7:d9:ff:01
Signer

Actual PE Digest

23:f1:bf:f8:8e:32:7a:74:75:ab:5f:1d:cb:a3:0b:9c:b7:d9:ff:01

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=White-Tiger

28/01/2018, 19:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CheckTokenMembership
CreateWellKnownSid
DuplicateToken
GetTokenInformation
IsTextUnicode
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

gdi32

BitBlt
CreateBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
DPtoLP
DeleteDC
DeleteObject
EnumFontFamiliesExW
ExtTextOutW
GdiFlush
GetDeviceCaps
GetTextCharset
GetTextExtentPoint32W
GetTextMetricsW
SelectObject
SetBkMode
SetTextAlign
SetTextColor

kernel32

CloseHandle
CreateSemaphoreW
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
FreeConsole
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetShortPathNameW
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatW
GetUserDefaultLangID
GetVersion
GetVersionExW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitializeCriticalSection
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
MulDiv
MultiByteToWideChar
OpenProcess
OpenSemaphoreW
Process32FirstW
Process32NextW
QueryPerformanceCounter
ReleaseSemaphore
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WritePrivateProfileStringW

msvcrt

__dllonexit
__iob_func
__setusermatherr
_amsg_exit
_beginthread
_errno
_fcvt
_gmtime64
_initterm
_localtime64
_lock
_ltow
_mktime64
_onexit
_stricmp
_time64
_unlock
_wfopen
_wrename
_wstat64
_wtoi
_wunlink
abort
atoi
calloc
fclose
fgetwc
fprintf
fread
free
fwrite
malloc
memcpy
memset
rewind
signal
strftime
strlen
strncmp
swscanf
toupper
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcsstr
_snwprintf
_wcsdup

ole32

CoCreateInstance
RegisterDragDrop
RevokeDragDrop

psapi

GetModuleFileNameExW

shell32

DragQueryFileW
SHFileOperationW
ShellExecuteExW

user32

BeginPaint
CallNextHookEx
ChildWindowFromPointEx
CloseClipboard
CopyIcon
CreateDialogParamW
CreateWindowExW
DefWindowProcW
DestroyWindow
DrawIconEx
EmptyClipboard
EndPaint
FindWindowA
FindWindowExA
FindWindowExW
GetClassNameA
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetMessagePos
GetMonitorInfoW
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongPtrW
GetWindowRect
GetWindowThreadProcessId
InvalidateRect
IsWindow
KillTimer
LoadCursorW
LoadIconW
LoadStringW
MapWindowPoints
MessageBeep
MessageBoxIndirectW
MonitorFromPoint
MonitorFromWindow
OpenClipboard
PostMessageW
RegisterClassExW
RegisterClipboardFormatW
ReleaseDC
SendMessageW
SetActiveWindow
SetClipboardData
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetTimer
SetWindowLongPtrW
SetWindowPos
SetWindowsHookExW
TrackMouseEvent
UnhookWindowsHookEx
UnregisterClassW
wsprintfW

Exports

Exports

SetupClockAPI

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
T-Clock/misc/XPCalendar.exe
.exe windows x86

9621e4f87bddb4ed7eb198fd66cf7d36

Code Sign

44:4f:7c:46:7a:6d:37:a8:4b:57:2f:44:f5:59:a0:70
Certificate

Issuer

CN=White-Tiger

Not Before

12/01/2014, 14:56

Not After

31/12/2039, 23:59

Subject

CN=White-Tiger

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:1c:c8:ea:05:fc:8f:71:4c:69:5a:4d:10:86:91:f6:e5:e6:c3:8a
Signer

Actual PE Digest

47:1c:c8:ea:05:fc:8f:71:4c:69:5a:4d:10:86:91:f6:e5:e6:c3:8a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=White-Tiger

28/01/2018, 19:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CheckTokenMembership
CreateWellKnownSid
DuplicateToken
GetTokenInformation
OpenProcessToken

comctl32

InitCommonControlsEx

comdlg32

ChooseColorW

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
CreatePatternBrush
CreateSolidBrush
DeleteDC
DeleteObject
ExtTextOutW
GetObjectW
GetStockObject
GetTextMetricsW
Rectangle
SelectObject
SetBkColor
SetBrushOrgEx
SetTextColor

kernel32

CloseHandle
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
FreeConsole
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GlobalAlloc
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MulDiv
OpenProcess
Process32FirstW
Process32NextW
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msimg32

AlphaBlend

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_fmode
_initterm
_iob
_lock
_onexit
_time64
_localtime64
_stricmp
_unlock
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
sprintf
strlen
strncmp
_wcsnicmp
abort
toupper
vfprintf
wcscmp
wcsftime
wcslen
wcsncmp
wcsstr

psapi

GetModuleFileNameExW

user32

AdjustWindowRectEx
CallWindowProcW
CloseClipboard
CopyIcon
CreateDialogParamW
CreateWindowExW
DefWindowProcW
DispatchMessageW
DrawFocusRect
DrawIconEx
EmptyClipboard
FillRect
GetAsyncKeyState
GetClassNameA
GetClipboardData
GetDC
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetForegroundWindow
GetMessageW
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowTextW
InvalidateRect
IsWindow
IsWindowEnabled
LoadCursorW
LoadIconW
LoadStringW
OpenClipboard
PostMessageW
PostQuitMessage
RegisterClassExW
ReleaseDC
SendMessageW
SetActiveWindow
SetClipboardData
SetCursor
SetFocus
SetLayeredWindowAttributes
SetWindowLongW
SetWindowPos
SetWindowTextW
TrackMouseEvent
TranslateMessage
wsprintfW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
T-Clock/waves/Alarm.pcb
T-Clock/waves/Alarm.wav
T-Clock/waves/Bigben.wav
T-Clock/waves/Blip.wav
T-Clock/waves/Buzzer.wav
T-Clock/waves/ChurchBell.wav
T-Clock/waves/Clock.wav
T-Clock/waves/ClockChimes.wav
T-Clock/waves/Cuckoo.wav
T-Clock/waves/SOS.pcb
T-Clock/waves/Sync.wav
T-Clock/waves/Timer.wav
T-Clock/waves/beep.pcb
T-Clock/waves/demo.pcb
T-Clock/waves/gong.wav
T-Clock/waves/hourlybass.pcb
T-Clock/waves/misslebeep.wav
T-Clock/waves/misslebeep3.wav
T-Clock/waves/telephone.pcb
T-Clock/waves/terror.pcb
T-Clock/waves/ufofly.wav

Sharing

General

Malware Config

Signatures

Files

48f105d818bece2e22bad8ffae8aecc0

Code Sign

44:4f:7c:46:7a:6d:37:a8:4b:57:2f:44:f5:59:a0:70Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

ef:9d:c6:c6:da:52:e5:6e:fb:71:29:27:a8:52:c3:95:12:f0:d8:d3Signer

Signature Validations

Verification

28/01/2018, 19:54 Valid: false

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

dsound

gdi32

kernel32

mpr

msimg32

msvcrt

ole32

psapi

shell32

shlwapi

user32

winmm

ws2_32

wtsapi32

Sections

.text Size: 142KB - Virtual size: 142KB

.data Size: 512B - Virtual size: 368B

.rdata Size: 39KB - Virtual size: 38KB

.bss Size: - Virtual size: 1KB

.idata Size: 9KB - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 85KB - Virtual size: 85KB

27bdf5d9b52c29b3949c8c142770b8a2

Code Sign

44:4f:7c:46:7a:6d:37:a8:4b:57:2f:44:f5:59:a0:70Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

e0:cf:3a:72:45:1e:54:99:0f:0e:c7:95:8a:f4:f1:18:51:6f:33:49Signer

Signature Validations

Verification

28/01/2018, 19:54 Valid: false

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

dsound

gdi32

kernel32

mpr

msimg32

msvcrt

ole32

psapi

shell32

shlwapi

user32

winmm

ws2_32

wtsapi32

44:4f:7c:46:7a:6d:37:a8:4b:57:2f:44:f5:59:a0:70
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

ef:9d:c6:c6:da:52:e5:6e:fb:71:29:27:a8:52:c3:95:12:f0:d8:d3
Signer

28/01/2018, 19:54
Valid: false

.text
Size: 142KB - Virtual size: 142KB

.data
Size: 512B - Virtual size: 368B

.rdata
Size: 39KB - Virtual size: 38KB

.bss
Size: - Virtual size: 1KB

.idata
Size: 9KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 85KB - Virtual size: 85KB

44:4f:7c:46:7a:6d:37:a8:4b:57:2f:44:f5:59:a0:70
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

e0:cf:3a:72:45:1e:54:99:0f:0e:c7:95:8a:f4:f1:18:51:6f:33:49
Signer

28/01/2018, 19:54
Valid: false

.text
Size: 125KB - Virtual size: 125KB

.data
Size: 1024B - Virtual size: 608B

.rdata
Size: 40KB - Virtual size: 40KB

.pdata
Size: 3KB - Virtual size: 3KB

.xdata
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 4KB

.idata
Size: 12KB - Virtual size: 12KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 85KB - Virtual size: 85KB

44:4f:7c:46:7a:6d:37:a8:4b:57:2f:44:f5:59:a0:70
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

cc:4d:bd:41:f2:ea:b4:8c:f3:70:2a:2e:60:98:be:a2:96:8a:c9:07
Signer

28/01/2018, 19:54
Valid: false

.text
Size: 28KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 312B

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 37KB - Virtual size: 37KB

44:4f:7c:46:7a:6d:37:a8:4b:57:2f:44:f5:59:a0:70
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

81:6a:86:85:68:9b:40:3a:4b:7b:ab:3f:7e:99:23:98:90:3c:fe:21
Signer

28/01/2018, 19:54
Valid: false