6a9eb0e481275c1b181e68170da7d8540116c89582c928f36db12e048fa0db07

Sharing

Copy URL Twitter E-mail

General

Target

6a9eb0e481275c1b181e68170da7d8540116c89582c928f36db12e048fa0db07
Size

596KB
MD5

f66d51e812c91e6fd4a8059d57b37983
SHA1

39fb2d32ce5b7e39ee4283b3526e225522217d26
SHA256

6a9eb0e481275c1b181e68170da7d8540116c89582c928f36db12e048fa0db07
SHA512

4515ab93901eab1e8decaa119c8e26a823823889f26cf6a285134c2d1cc01bdbd6a1df9465c559920a0473174bf5b0858f09e808705870865988484d510e33fb
SSDEEP

12288:HZxon7OIIgVBRp+5qqhrPptuD51Nyuelmj1BgUZ/XvdKt:HS7BIgV7piq4zptuDnNi0BpXvot

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/X86/dfst.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/X86/dfst.dll	upx

Files

6a9eb0e481275c1b181e68170da7d8540116c89582c928f36db12e048fa0db07
.rar
DLL下载.url
.url
X86/34.2.2.0/DLL简介.txt
X86/34.2.2.0/dfst.dll
.dll windows x86

44431adf4d7c40f5e549aa450355ade3

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:a2:a3:a3:b2:43:74:77:96:df:05:49:02:0a:9c:d0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

06/09/2005, 00:00

Not After

13/09/2006, 23:59

Subject

CN=UGS,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=SMD,O=UGS,L=Arden Hills,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dcud3e34

?compute_silhouette@HL_world@@QAE?AW4D3E_OUTCOME@@XZ
?set_silhouette_tolerance@HL_world@@QAE?AW4D3E_OUTCOME@@NN@Z
?get_silhouette_tolerance@HL_world@@QAE?AW4D3E_OUTCOME@@PAN0@Z
?set_sil_tol@HL_world@@QAE?AW4D3E_OUTCOME@@N@Z
?set_ignored_sets@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_instance_set@@HPAPAV3@@Z
?cast_D3E_instance_set@@YAPAVD3E_instance_set@@PAUD3E_NODE@@@Z
?cast_D3E_instance_set_array@@YAXPAPAPAVD3E_instance_set@@HPAPAUD3E_NODE@@@Z
?set_ignored_faces@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_instance_set@@HPAPAV3@PAPAVD3E_face@@@Z
?cast_D3E_face_array@@YAXPAPAPAVD3E_face@@HPAPAUD3E_NODE@@@Z
?set_regional_faces@HL_world@@QAE?AW4D3E_OUTCOME@@HPAPAVD3E_face@@PAPAVD3E_instance_set@@@Z
?bcurve_segment_count@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAVD3E_instance_set@@PAH@Z
?cast_D3E_edge@@YAPAVD3E_edge@@PAUD3E_NODE@@@Z
?segment_visibility@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAVD3E_instance_set@@HPAW4D3E_VISIBILITY@@@Z
?segment_local_outline_type@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAVD3E_instance_set@@HPAW4D3E_OUTLINE_TYPE@@@Z
?segment_global_outline_type@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAVD3E_instance_set@@HPAW4D3E_OUTLINE_TYPE@@@Z
?segment_face_outline_data@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAVD3E_instance_set@@HPAUD3E_EDGE_OUTLINE_FACE_DATA@@@Z
?face_outline_loop_count@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_face@@PAVD3E_instance_set@@PAH@Z
?cast_D3E_face@@YAPAVD3E_face@@PAUD3E_NODE@@@Z
?face_outline_loop_info@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_face@@PAVD3E_instance_set@@HPAUD3E_OUTLINE_LOOP_INFO@@@Z
?face_outline_loop_data@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_face@@PAVD3E_instance_set@@HPAPAUD3E_NODE@@2PAH3PAW4D3E_EDGE_CLASS@@@Z
?segment_parameter_range@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAVD3E_instance_set@@HPAN2_N@Z
?segment_data@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAVD3E_instance_set@@HPAN2@Z
?fin_segment_count@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAVD3E_face@@PAVD3E_instance_set@@PAH@Z
?fin_segment_type@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAVD3E_face@@PAVD3E_instance_set@@HPAW4D3E_EDGE_REGION_TYPE@@@Z
?fin_segment_parameter_range@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAVD3E_face@@PAVD3E_instance_set@@HPAN3@Z
?fin_segment_data@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAVD3E_face@@PAVD3E_instance_set@@HPAN3@Z
?face_silhouette_count@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_face@@PAVD3E_instance_set@@PAH@Z
?cast_d3e_node@@YAPAUD3E_NODE@@PAVD3E_edge@@@Z
?face_silhouette_edge@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_face@@PAVD3E_instance_set@@HPAPAVD3E_edge@@@Z
?compute_hidden_line@HL_world@@QAE?AW4D3E_OUTCOME@@XZ
?linear_silhouette_data@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAN1@Z
?circular_silhouette_data@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAN11@Z
?generic_silhouette_polyline_info@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAUD3E_POLYLINE_INFO@@@Z
?write_info_and_data@@YAXAAVHL_JOURNAL@@PAUD3E_POLYLINE_INFO@@PAUD3E_POLYLINE_DATA@@@Z
?generic_silhouette_polyline_data@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAUD3E_POLYLINE_DATA@@@Z
?generic_silhouette_bspline_info@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAUD3E_BSPLINE_CURVE_INFO@@@Z
?write_info_and_data@@YAXAAVHL_JOURNAL@@PAUD3E_BSPLINE_CURVE_INFO@@PAUD3E_BSPLINE_CURVE_DATA@@@Z
?generic_silhouette_bspline_data@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAUD3E_BSPLINE_CURVE_DATA@@@Z
?silhouette_data@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAN1@Z
?silhouette_parameter_range@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAN1@Z
?register_me@D3E_HLF_registry@@QAEHABUD3E_HLF_register@@@Z
?enquire_registered@D3E_HLF_registry@@QAEXPAUD3E_HLF_register@@@Z
??6@YAAAVHL_JOURNAL@@AAV0@ABUD3E_VERSION_INFO@@@Z
??6@YAAAVHL_JOURNAL@@AAV0@ABUD3E_INF_register@@@Z
?set_defaults@D3E_INF_registry@@QAEH_N@Z
?register_me@D3E_INF_registry@@QAEHABUD3E_INF_register@@@Z
?enquire_registered@D3E_INF_registry@@QAEXPAUD3E_INF_register@@@Z
?compute_interpenetration@HL_world@@QAE?AW4D3E_OUTCOME@@W4D3E_INTERPENETRATION_MODE@@@Z
??6@YAAAVHL_JOURNAL@@AAV0@W4D3E_INTERPENETRATION_MODE@@@Z
?compute_self_interpenetration@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_set@@W4D3E_INTERPENETRATION_MODE@@@Z
?cast_D3E_set@@YAPAVD3E_set@@PAUD3E_NODE@@@Z
?get_interpenetration_edge_count@HL_world@@QAE?AW4D3E_OUTCOME@@PAH@Z
?get_interpenetration_edge@HL_world@@QAE?AW4D3E_OUTCOME@@HPAPAVD3E_edge@@@Z
?get_self_interpenetration_edge_count@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_set@@PAH@Z
?get_self_interpenetration_edge@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_set@@HPAPAVD3E_edge@@@Z
?cast_d3e_node@@YAPAUD3E_NODE@@PAVD3E_instance_set@@@Z
?cast_d3e_node@@YAPAUD3E_NODE@@PAVD3E_face@@@Z
?get_interpenetration_edge_faces@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAPAVD3E_face@@PAPAVD3E_instance_set@@12@Z
?set_view_box@HL_world@@QAE_NHPAVHL_vec3@@00PAVHL_box2@@@Z
??0HL_vec3@@QAE@XZ
??_FHL_box2@@QAEXXZ
?set_rectangular@HL_box2@@QAEX_N@Z
?set_view@HL_world@@QAEXPAVHL_vec3@@_N@Z
??6@YAAAVHL_JOURNAL@@AAV0@W4D3E_GLOBAL_OUTLINE_MODE@@@Z
??6@YAAAVHL_JOURNAL@@AAV0@W4D3E_COINCIDENT_OCCLUSION_MODE@@@Z
??6@YAAAVHL_JOURNAL@@AAV0@W4D3E_OUTCOME@@@Z
?returning@@YAAAVHL_JOURNAL@@AAV1@@Z
?jfile@D3E_WORLD@@QAEPAVD3E_journal_file@@ABH@Z
?endl@@YAAAVHL_JOURNAL@@AAV1@@Z
?set_defaults@D3E_HLF_registry@@QAEH_N@Z
??1HL_JOURNAL@@QAE@XZ
?HL_THE_WORLD@@3PAVHL_world@@A
??6@YAAAVHL_JOURNAL@@AAV0@ABUD3E_HLF_register@@@Z
??6@YAAAVHL_JOURNAL@@AAV0@AAUD3E_POLYLINE_INFO@@@Z
??6@YAAAVHL_JOURNAL@@AAV0@ABUD3E_BSPLINE_CURVE_INFO@@@Z
??6@YAAAVHL_JOURNAL@@AAV0@ABUD3E_OUTLINE_LOOP_INFO@@@Z
??6@YAAAVHL_JOURNAL@@AAV0@W4D3E_EDGE_CLASS@@@Z
??6@YAAAVHL_JOURNAL@@AAV0@ABUD3E_EDGE_OUTLINE_FACE_DATA@@@Z
??6@YAAAVHL_JOURNAL@@AAV0@W4D3E_OUTLINE_TYPE@@@Z
??6@YAAAVHL_JOURNAL@@AAV0@W4D3E_EDGE_REGION_TYPE@@@Z
??6@YAAAVHL_JOURNAL@@AAV0@W4D3E_VISIBILITY@@@Z
??6@YAAAVHL_JOURNAL@@AAV0@W4D3E_SILHOUETTE_EDGE_TYPE@@@Z
?vector3@@YAAAVHL_JOURNAL@@AAV1@PBN@Z
?boolean@@YAAAVHL_JOURNAL@@AAV1@H@Z
??6@YAAAVHL_JOURNAL@@AAV0@PBD@Z
??6@YAAAVHL_JOURNAL@@AAV0@N@Z
??6@YAAAVHL_JOURNAL@@AAV0@D@Z
??6@YAAAVHL_JOURNAL@@AAV0@P6AAAV0@0@Z@Z
??6@YAAAVHL_JOURNAL@@AAV0@H@Z
??6@YAAAVHL_JOURNAL@@AAV0@PBX@Z
?silhouette_type@HL_world@@QAE?AW4D3E_OUTCOME@@PAVD3E_edge@@PAW4D3E_SILHOUETTE_EDGE_TYPE@@@Z
?D3E_THE_BASE@@3PAVD3E_BASE@@A

msvcr80

_except_handler4_common
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
free
_encoded_null
_malloc_crt
_encode_pointer
__CxxFrameHandler3
_onexit

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Exports

Exports

??0D3E_HL@@QAE@PAVD3E_BASE@@@Z
??0D3E_IN@@AAE@PAVD3E_HL@@PAVD3E_WORLD@@@Z
??1D3E_HL@@QAE@XZ
??1D3E_IN@@AAE@XZ
??4D3E_HL@@QAEAAV0@ABV0@@Z
??4D3E_IN@@QAEAAV0@ABV0@@Z
?compute_hidden_line@D3E_HL@@QAE?AW4D3E_OUTCOME@@XZ
?compute_interpenetration@D3E_IN@@QAE?AW4D3E_OUTCOME@@W4D3E_INTERPENETRATION_MODE@@@Z
?compute_self_interpenetration@D3E_IN@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@W4D3E_INTERPENETRATION_MODE@@@Z
?compute_silhouette@D3E_HL@@QAE?AW4D3E_OUTCOME@@XZ
?enquire_frustum_functions@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_HLF_register@@@Z
?enquire_frustum_functions@D3E_IN@@QAE?AW4D3E_OUTCOME@@PAUD3E_INF_register@@@Z
?get_circular_silhouette_edge_data@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@QAN1PAN@Z
?get_edge_region_segment_count@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@00PAH@Z
?get_edge_region_segment_count@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@0PAH@Z
?get_edge_region_segment_data@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@00HQAN1@Z
?get_edge_region_segment_data@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@0HQAN1@Z
?get_edge_region_segment_parameter_range@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@00HPAN1@Z
?get_edge_region_segment_parameter_range@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@0HPAN1@Z
?get_edge_region_segment_type@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@00HPAW4D3E_EDGE_REGION_TYPE@@@Z
?get_edge_region_segment_type@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@0HPAW4D3E_EDGE_REGION_TYPE@@@Z
?get_edge_segment_count@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@0PAH@Z
?get_edge_segment_count@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@PAH@Z
?get_edge_segment_data@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@0HQAN1@Z
?get_edge_segment_data@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@HQAN1@Z
?get_edge_segment_face_outline_data@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@0HPAUD3E_EDGE_OUTLINE_FACE_DATA@@@Z
?get_edge_segment_face_outline_data@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@HPAUD3E_EDGE_OUTLINE_FACE_DATA@@@Z
?get_edge_segment_global_outline_type@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@0HPAW4D3E_OUTLINE_TYPE@@@Z
?get_edge_segment_global_outline_type@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@HPAW4D3E_OUTLINE_TYPE@@@Z
?get_edge_segment_local_outline_type@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@0HPAW4D3E_OUTLINE_TYPE@@@Z
?get_edge_segment_local_outline_type@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@HPAW4D3E_OUTLINE_TYPE@@@Z
?get_edge_segment_parameter_range@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@0HPAN1@Z
?get_edge_segment_parameter_range@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@HPAN1@Z
?get_edge_segment_visibility@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@0HPAW4D3E_VISIBILITY@@@Z
?get_edge_segment_visibility@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@HPAW4D3E_VISIBILITY@@@Z
?get_face_outline_loop_count@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@0PAH@Z
?get_face_outline_loop_count@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@PAH@Z
?get_face_silhouette_edge@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@0HPAPAU3@@Z
?get_face_silhouette_edge@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@HPAPAU3@@Z
?get_face_silhouette_edge_count@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@0PAH@Z
?get_face_silhouette_edge_count@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@PAH@Z
?get_generic_silhouette_edge_bspline_data@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@PAUD3E_BSPLINE_CURVE_INFO@@PAUD3E_BSPLINE_CURVE_DATA@@@Z
?get_generic_silhouette_edge_bspline_info@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@PAUD3E_BSPLINE_CURVE_INFO@@@Z
?get_generic_silhouette_edge_polyline_data@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@PAUD3E_POLYLINE_INFO@@PAUD3E_POLYLINE_DATA@@@Z
?get_generic_silhouette_edge_polyline_info@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@PAUD3E_POLYLINE_INFO@@@Z
?get_interpenetration_edge@D3E_IN@@QAE?AW4D3E_OUTCOME@@HPAPAUD3E_NODE@@@Z
?get_interpenetration_edge_count@D3E_IN@@QAE?AW4D3E_OUTCOME@@PAH@Z
?get_interpenetration_edge_faces@D3E_IN@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@PAPAU3@111@Z
?get_linear_silhouette_edge_data@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@QAN1@Z
?get_outline_loop_data@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@0HPAPAU3@1PAH2PAW4D3E_EDGE_CLASS@@@Z
?get_outline_loop_data@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@HPAPAU3@1PAH2PAW4D3E_EDGE_CLASS@@@Z
?get_outline_loop_info@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@0HPAUD3E_OUTLINE_LOOP_INFO@@@Z
?get_outline_loop_info@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@HPAUD3E_OUTLINE_LOOP_INFO@@@Z
?get_self_interpenetration_edge@D3E_IN@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@HPAPAU3@@Z
?get_self_interpenetration_edge_count@D3E_IN@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@PAH@Z
?get_silhouette_edge_data@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@QAN1@Z
?get_silhouette_edge_parameter_range@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@PAN1@Z
?get_silhouette_edge_type@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@PAW4D3E_SILHOUETTE_EDGE_TYPE@@@Z
?get_silhouette_tolerance@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAN0@Z
?get_version@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_VERSION_INFO@@@Z
?in@D3E_HL@@QAEPAVD3E_IN@@XZ
?register_frustum_functions@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_HLF_register@@@Z
?register_frustum_functions@D3E_IN@@QAE?AW4D3E_OUTCOME@@PAUD3E_INF_register@@@Z
?set_coincident_occlusion_mode@D3E_HL@@QAE?AW4D3E_OUTCOME@@W4D3E_COINCIDENT_OCCLUSION_MODE@@@Z
?set_global_outline_mode@D3E_HL@@QAE?AW4D3E_OUTCOME@@W4D3E_GLOBAL_OUTLINE_MODE@@@Z
?set_ignored_faces@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@HPAPAU3@1@Z
?set_ignored_sets@D3E_HL@@QAE?AW4D3E_OUTCOME@@PAUD3E_NODE@@HPAPAU3@@Z
?set_local_outline@D3E_HL@@QAE?AW4D3E_OUTCOME@@H@Z
?set_occlusion@D3E_HL@@QAE?AW4D3E_OUTCOME@@H@Z
?set_outline_faces@D3E_HL@@QAE?AW4D3E_OUTCOME@@HPAPAUD3E_NODE@@0@Z
?set_periodic_segments@D3E_HL@@QAE?AW4D3E_OUTCOME@@H@Z
?set_self_hidden@D3E_HL@@QAE?AW4D3E_OUTCOME@@H@Z
?set_self_occlusion@D3E_HL@@QAE?AW4D3E_OUTCOME@@H@Z
?set_silhouette_tolerance@D3E_HL@@QAE?AW4D3E_OUTCOME@@NN@Z
?set_surface_normal_res@D3E_HL@@QAE?AW4D3E_OUTCOME@@N@Z
?set_view@D3E_HL@@QAE?AW4D3E_OUTCOME@@QANH@Z
?set_view_box@D3E_HL@@QAE?AW4D3E_OUTCOME@@HPAN000@Z
?set_wires_can_hide@D3E_HL@@QAE?AW4D3E_OUTCOME@@H@Z
D3E_HLF_INITIALIZE_REGISTER
D3E_HL_compute_hidden_line
D3E_HL_compute_silhouette
D3E_HL_delete
D3E_HL_enquire_frustum_functions
D3E_HL_get_circular_silhouette_edge_data
D3E_HL_get_edge_region_segment_count
D3E_HL_get_edge_region_segment_data
D3E_HL_get_edge_region_segment_parameter_range
D3E_HL_get_edge_region_segment_type
D3E_HL_get_edge_segment_count
D3E_HL_get_edge_segment_data
D3E_HL_get_edge_segment_face_outline_data
D3E_HL_get_edge_segment_global_outline_type
D3E_HL_get_edge_segment_local_outline_type
D3E_HL_get_edge_segment_parameter_range
D3E_HL_get_edge_segment_visibility
D3E_HL_get_face_outline_loop_count
D3E_HL_get_face_silhouette_edge
D3E_HL_get_face_silhouette_edge_count
D3E_HL_get_generic_silhouette_edge_bspline_data
D3E_HL_get_generic_silhouette_edge_bspline_info
D3E_HL_get_generic_silhouette_edge_polyline_data
D3E_HL_get_generic_silhouette_edge_polyline_info
D3E_HL_get_linear_silhouette_edge_data
D3E_HL_get_outline_loop_data
D3E_HL_get_outline_loop_info
D3E_HL_get_silhouette_edge_data
D3E_HL_get_silhouette_edge_parameter_range
D3E_HL_get_silhouette_edge_type
D3E_HL_get_silhouette_tolerance
D3E_HL_get_version
D3E_HL_new
D3E_HL_register_frustum_functions
D3E_HL_set_coincident_occlusion_mode
D3E_HL_set_global_outline_mode
D3E_HL_set_ignored_faces
D3E_HL_set_ignored_sets
D3E_HL_set_local_outline
D3E_HL_set_occlusion
D3E_HL_set_outline_faces
D3E_HL_set_periodic_segments
D3E_HL_set_self_hidden
D3E_HL_set_self_occlusion
D3E_HL_set_silhouette_tolerance
D3E_HL_set_surface_normal_res
D3E_HL_set_view
D3E_HL_set_view_box
D3E_HL_set_wires_can_hide
D3E_INF_INITIALIZE_REGISTER
D3E_IN_compute_interpenetration
D3E_IN_compute_self_interpenetration
D3E_IN_enquire_frustum_functions
D3E_IN_get_interpenetration_edge
D3E_IN_get_interpenetration_edge_count
D3E_IN_get_interpenetration_edge_faces
D3E_IN_get_self_interpenetration_edge
D3E_IN_get_self_interpenetration_edge_count
D3E_IN_register_frustum_functions

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X86/5.00.2195.6655/DLL简介.txt
X86/5.00.2195.6655/dfst.dll
.dll regsvr32 windows x86

e41514b145f1741d1968bfef7224ba2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

wcscmp
??3@YAXPAX@Z
_wcsnicmp
_local_unwind2
_purecall
strchr
_stricmp
_itoa
strncpy
time
printf
wcsftime
_wtoi
gmtime
_ultow
_wtol
wcschr
wcstoul
_itow
wcsstr
_initterm
realloc
wcsncat
wcsncmp
swprintf
_wcsicmp
swscanf
wcsspn
??2@YAPAXI@Z
free
_except_handler3
malloc
wcscat
wcscpy
_onexit
__dllonexit
_adjust_fdiv
wcslen
wcsncpy
mktime
wcstombs
wcscspn
mbstowcs

user32

PostThreadMessageW
EnumWindows
LoadStringW
GetDesktopWindow
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
RegisterWindowMessageW
PostQuitMessage
DestroyWindow
DefWindowProcW
RegisterDeviceNotificationW
DispatchMessageW
GetMessageW
SetForegroundWindow
UnregisterDeviceNotification
GetWindowTextW
LoadIconW
KillTimer
SetTimer
PostMessageW

kernel32

WaitForSingleObject
GetTickCount
CloseHandle
CreateThread
InterlockedIncrement
GetLastError
CreateEventW
GetCurrentProcess
SetEvent
InitializeCriticalSection
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetWindowsDirectoryW
GetModuleFileNameW
ExitThread
GetSystemTime
Sleep
CreateFileW
CreateProcessW
GetSystemDirectoryW
GetProcAddress
LoadLibraryW
FormatMessageW
GetComputerNameW
TlsAlloc
TlsSetValue
TlsGetValue
TlsFree
FreeLibrary
InterlockedDecrement
GetCurrentThread
CreateEventA
DeviceIoControl
ReleaseMutex
CreateMutexW
ResetEvent
SleepEx
GetDiskFreeSpaceExW
GetTapeStatus
GetTapeParameters
SetTapePosition
PrepareTape
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
QueryDosDeviceW
ExpandEnvironmentStringsW
LoadLibraryExW
WriteFile
SetFilePointer
SetTapeParameters
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
OpenEventW
HeapFree
HeapAlloc
GetProcessHeap
GetOverlappedResult
SetErrorMode
ReadFile
LoadLibraryA
RaiseException
InterlockedExchange
LocalAlloc

advapi32

SetServiceStatus
SetPrivateObjectSecurity
GetPrivateObjectSecurity
GetSidIdentifierAuthority
MakeSelfRelativeSD
AccessCheck
GetSecurityDescriptorLength
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegEnumValueW
GetUserNameW
GetSecurityDescriptorDacl
IsValidSecurityDescriptor
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegConnectRegistryW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
DeleteService
RegCreateKeyExW
RegSetValueExW
RegCloseKey
CreateServiceW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
RegisterServiceCtrlHandlerExW
CloseServiceHandle

rpcrt4

RpcStringFreeA
NdrClientCall2
RpcBindingSetAuthInfoA
RpcBindingFree
UuidCreate
RpcStringBindingComposeA
RpcBindingFromStringBindingA

ntdll

NtDeviceIoControlFile
NtCreateEvent
RtlEnterCriticalSection
NtWaitForSingleObject
RtlLeaveCriticalSection
NtDelayExecution
RtlInitUnicodeString
RtlDeleteCriticalSection
NtClose
RtlInitializeCriticalSection
NtCreateFile
NtSetEvent

Exports

Exports

DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.text
Size: 347KB - Virtual size: 347KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X86/DLL简介.txt
X86/dfst.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

registerMe
stopAd

Sections

UPX0
Size: - Virtual size: 684KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 425KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dll安装方法.txt

Sharing

General

Malware Config

Signatures

Files

44431adf4d7c40f5e549aa450355ade3

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

4b:a2:a3:a3:b2:43:74:77:96:df:05:49:02:0a:9c:d0Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

dcud3e34

msvcr80

kernel32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 932B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

e41514b145f1741d1968bfef7224ba2f

Headers

File Characteristics

Imports

msvcrt

user32

kernel32

advapi32

rpcrt4

ntdll

Exports

Exports

Sections

.text Size: 347KB - Virtual size: 347KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 21KB - Virtual size: 21KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 684KB

UPX1 Size: 425KB - Virtual size: 428KB

.rsrc Size: 512B - Virtual size: 4KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

4b:a2:a3:a3:b2:43:74:77:96:df:05:49:02:0a:9c:d0
Certificate

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 932B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 347KB - Virtual size: 347KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 21KB - Virtual size: 21KB

UPX0
Size: - Virtual size: 684KB

UPX1
Size: 425KB - Virtual size: 428KB

.rsrc
Size: 512B - Virtual size: 4KB