6d2ec33181e1bfe890d874a7c5d20b5d4c05d13a6fafef929480e373f072e161

Sharing

Copy URL Twitter E-mail

General

Target

6d2ec33181e1bfe890d874a7c5d20b5d4c05d13a6fafef929480e373f072e161
Size

494KB
MD5

00b20b7cccb302e0cedb04bac5aa2824
SHA1

766094610e7289b333ed8eac446372f4041e266a
SHA256

6d2ec33181e1bfe890d874a7c5d20b5d4c05d13a6fafef929480e373f072e161
SHA512

2fbcf72ac494b5ac6eda5aec8424d44890aa489d8e372df33dfe9d4597c35c84ec2c4ce163ace6fc17e3def6e74623ed3bfe4e67b85f1825e0ac010cd992cc2e
SSDEEP

12288:OzkiONHJbhvQdUPtlt5BQxKFvQRAuGIdNL2YNk9RwgntFrHb8f1ll:OlOhLv/tfIG4R2IdNSZ9RrtFDq/

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Bin/SkinH.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Bin/SkinH.dll	upx

Files

6d2ec33181e1bfe890d874a7c5d20b5d4c05d13a6fafef929480e373f072e161
.rar
Bin/Ghost2.0.exe
.exe windows x86

5d154be0ed9e18f3ae65f36f6b76abbf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutClose
PlaySoundA
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
waveOutReset
waveOutUnprepareHeader

kernel32

SystemTimeToFileTime
SetErrorMode
GetCurrentDirectoryA
GetProfileStringA
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
GetTimeZoneInformation
GetSystemTime
GetACP
TerminateProcess
ExitThread
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
Sleep
CreateEventA
LoadLibraryA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
lstrcpyA
ReadFile
GetFileSize
WriteFile
CreateFileA
DeleteFileA
GetLocalTime
LCMapStringW
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetFilePointer
CopyFileA
GetModuleFileNameA
MoveFileA
lstrlenA
GetFileAttributesA
lstrcatA
GetTempPathA
VirtualFree
VirtualAlloc
GetTickCount
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
LocalFree
LocalAlloc
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetProcAddress
SizeofResource
LoadResource
FindResourceA
SetUnhandledExceptionFilter
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
InitializeCriticalSection
LeaveCriticalSection
PostQueuedCompletionStatus
EnterCriticalSection
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatus
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
CancelIo
DeleteCriticalSection
ExitProcess
GetSystemDirectoryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
LocalSize
FreeLibrary
GetVersionExA
GetVersion
LockResource
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
FormatMessageA
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
SetLastError
MulDiv
LocalFileTimeToFileTime
lstrcmpA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentThread
GetTempFileNameA
SetFileTime
GetFileTime
GetDiskFreeSpaceA
GlobalFlags
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP

user32

SetScrollRange
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
RegisterClassA
GetMenu
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
IsIconic
GetWindowPlacement
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
IsWindow
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawTextA
CheckMenuItem
GetMenuState
ShowScrollBar
DrawIconEx
IntersectRect
CheckMenuRadioItem
SetClassLongA
SetForegroundWindow
LoadBitmapA
GetSystemMenu
AppendMenuA
MessageBeep
GetSystemMetrics
DrawEdge
GetDesktopWindow
SystemParametersInfoA
EqualRect
DeleteMenu
GetMenuItemCount
EnableMenuItem
GetCursorPos
GetFocus
GetDlgCtrlID
SetWindowPos
IsWindowVisible
UpdateWindow
ScreenToClient
GetWindow
CopyIcon
PtInRect
KillTimer
GetKeyState
ReleaseCapture
SetCapture
SetTimer
SetRectEmpty
DrawFrameControl
GetCursor
GetClassInfoA
DefWindowProcA
AdjustWindowRectEx
SetFocus
PeekMessageA
MapWindowPoints
GetScrollInfo
GetDlgItemTextA
SetDlgItemTextA
LoadCursorA
LoadMenuA
LoadImageA
GetIconInfo
GetDC
ReleaseDC
GetSysColor
FillRect
OffsetRect
GetClientRect
CopyRect
InflateRect
DrawFocusRect
GetWindowRect
GetSubMenu
TrackPopupMenuEx
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
GetWindowLongA
DestroyIcon
DestroyCursor
DestroyMenu
FindWindowA
PostMessageA
wsprintfA
MessageBoxA
SetRect
EnableWindow
SendMessageA
LoadIconA
GetMessageA
TranslateMessage
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
SetMenuItemBitmaps
DispatchMessageA
IsWindowUnicode
ModifyMenuA
GetMenuCheckMarkDimensions
wvsprintfA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
PostThreadMessageA
RegisterClipboardFormatA
LockWindowUpdate
GetDCEx
InvertRect
GetNextDlgGroupItem
CopyAcceleratorTableA
GetSysColorBrush
GetClassNameA
IsRectEmpty
SetParent
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
SetMenu
TranslateAcceleratorA
LoadAcceleratorsA
MapDialogRect
SetWindowContextHelpId
ValidateRect
ShowOwnedPopups
PostQuitMessage
IsZoomed
EndDeferWindowPos
BeginDeferWindowPos
SendDlgItemMessageA
DeferWindowPos
LoadStringA
CharNextA
GrayStringA
DefDlgProcA
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA

gdi32

GetTextExtentPointA
LPtoDP
GetBkColor
GetTextColor
CreateFontA
GetCharWidthA
GetTextMetricsA
DPtoLP
CreateRectRgnIndirect
CombineRgn
SetRectRgn
PatBlt
GetMapMode
Escape
RectVisible
PtVisible
CreatePatternBrush
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
CreateRectRgn
SetTextAlign
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
GetClipBox
CreatePen
SetBkMode
TextOutA
CreateSolidBrush
ExtTextOutA
StretchDIBits
CreateDIBSection
GetTextExtentPoint32A
SetPixelV
StretchBlt
PtInRegion
CreateFontIndirectA
Rectangle
PlgBlt
FillRgn
CreatePolygonRgn
GetObjectA
GetPixel
CreateBitmap
SelectObject
SetBkColor
SetTextColor
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
DeleteObject
CreateDIBitmap

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
GetFileSecurityA
SetFileSecurityA
RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegSetValueA

shell32

SHGetFileInfoA
ShellExecuteExA
DragQueryFileA
DragFinish
Shell_NotifyIconA
ExtractIconA
ShellExecuteA
ord71

comctl32

_TrackMouseEvent
ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

oledlg

ord8

ole32

OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoInitialize
CoGetClassObject
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen

skinh

SkinH_SetAero
SkinH_Attach
SkinH_AttachRes
SkinH_Detach

shlwapi

PathRemoveFileSpecA
SHAutoComplete

ws2_32

WSAGetLastError
setsockopt
WSAIoctl
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSASocketA
connect
select
WSACleanup
closesocket
WSACloseEvent
inet_ntoa
WSACreateEvent
WSAEventSelect
bind
listen
inet_addr
send
recv
WSAStartup
socket
ioctlsocket
gethostbyname
WSASend
WSARecv
getpeername
htons
accept

pdh

PdhOpenQueryA
PdhAddCounterA
PdhCloseQuery
PdhGetFormattedCounterValue
PdhCollectQueryData

avifil32

AVIStreamRelease
AVIFileRelease
AVIStreamWrite
AVIFileInit
AVIFileOpenA
AVIFileCreateStreamA
AVIStreamSetFormat
AVIFileExit

msvfw32

DrawDibDraw
DrawDibClose
ICDecompress
ICSendMessage
ICSeqCompressFrameEnd
DrawDibOpen

Sections

.text
Size: 380KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 564KB - Virtual size: 563KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bin/SkinH.dll
.dll windows x86

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:2b:5a:14:8c:65:c2:00:5e:39:1a:af:d7:4e:4d:39:04:a5:86:fa
Signer

Actual PE Digest

c5:2b:5a:14:8c:65:c2:00:5e:39:1a:af:d7:4e:4d:39:04:a5:86:fa

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

04/02/2009, 03:39
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

SkinH_AdjustAero
SkinH_AdjustHSV
SkinH_Attach
SkinH_AttachEx
SkinH_AttachExt
SkinH_AttachRes
SkinH_AttachResEx
SkinH_Detach
SkinH_DetachEx
SkinH_GetColor
SkinH_LockUpdate
SkinH_Map
SkinH_NineBlt
SkinH_SetAero
SkinH_SetBackColor
SkinH_SetFont
SkinH_SetFontEx
SkinH_SetForeColor
SkinH_SetMenuAlpha
SkinH_SetTitleMenuBar
SkinH_SetWindowAlpha
SkinH_SetWindowMovable
SkinH_VerifySign

Sections

UPX0
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Bin/update/server.dat
.exe windows x86

dbeaa637f528f77139dc95256d8c1005

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetTickCount
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
GetLocalTime
GetSystemInfo
OpenEventA
SetErrorMode
LocalSize
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
GetCurrentThreadId
RaiseException
GetModuleHandleA
GetSystemDirectoryA
ExitProcess
GetCurrentProcess
SetLastError
GetModuleFileNameA
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetFileSize
RemoveDirectoryA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateProcessA
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
GetVersionExA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
GetProcAddress
CancelIo
InterlockedExchange
lstrcpyA
ResetEvent
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
CreateThread
ResumeThread
SetEvent
WaitForSingleObject
Sleep
TerminateThread
CloseHandle
LoadLibraryA
CreateEventA
WaitForMultipleObjects

user32

mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
LoadCursorA
BlockInput
SendMessageA
SystemParametersInfoA
ReleaseDC
SetCursorPos
SetCapture
SetRect
GetCursorPos
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
ExitWindowsEx
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
GetDC
WindowFromPoint
IsWindow
DispatchMessageA
TranslateMessage
MapVirtualKeyA
GetKeyState
GetAsyncKeyState
GetForegroundWindow
GetMessageA
GetWindowTextA
GetDesktopWindow
wsprintfA
CharNextA
CloseWindow
CreateWindowExA
PostMessageA
OpenDesktopA
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop

gdi32

SelectObject
CreateCompatibleBitmap
DeleteDC
GetDIBits
CreateDIBSection
BitBlt
DeleteObject
CreateCompatibleDC

advapi32

LsaClose
LookupAccountNameA
IsValidSid
GetTokenInformation
LookupAccountSidA
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
RegDeleteValueA
RegDeleteKeyA
LsaRetrievePrivateData
LsaOpenPolicy
LsaFreeMemory
RegCloseKey
RegQueryValueA
RegOpenKeyExA
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegCreateKeyA
SetNamedSecurityInfoA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetEntriesInAclA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegEnumKeyExA
RegEnumValueA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

msvcrt

scanf
_strnicmp
_onexit
__dllonexit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
calloc
_beginthreadex
printf
_strupr
getchar
strncat
strtok
_errno
atoi
strncmp
rename
strrchr
_except_handler3
free
malloc
strchr
strstr
_ftol
ceil
memmove
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_CxxThrowException

shlwapi

SHDeleteKeyA

winmm

waveOutPrepareHeader
waveOutGetNumDevs
waveOutUnprepareHeader
waveInClose
waveInUnprepareHeader
waveOutClose
waveOutOpen
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveOutWrite
waveInStop
waveInReset
waveOutReset

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationA

userenv

CreateEnvironmentBlock

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

msvfw32

ICSeqCompressFrameEnd
ICSendMessage

psapi

EnumProcessModules
GetModuleFileNameExA

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d154be0ed9e18f3ae65f36f6b76abbf

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

skinh

shlwapi

ws2_32

pdh

avifil32

msvfw32

Sections

.text Size: 380KB - Virtual size: 376KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 28KB - Virtual size: 45KB

.rsrc Size: 564KB - Virtual size: 563KB

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:06:27:81:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

c5:2b:5a:14:8c:65:c2:00:5e:39:1a:af:d7:4e:4d:39:04:a5:86:faSigner

Signature Validations

Verification

04/02/2009, 03:39 Valid: false

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 148KB

UPX1 Size: 81KB - Virtual size: 84KB

.rsrc Size: 2KB - Virtual size: 4KB

dbeaa637f528f77139dc95256d8c1005

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

shlwapi

winmm

msvcp60

wtsapi32

userenv

avicap32

msvfw32

psapi

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 12KB - Virtual size: 12KB

.text
Size: 380KB - Virtual size: 376KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 28KB - Virtual size: 45KB

.rsrc
Size: 564KB - Virtual size: 563KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:06:27:81:00:00:00:00:00:08
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

c5:2b:5a:14:8c:65:c2:00:5e:39:1a:af:d7:4e:4d:39:04:a5:86:fa
Signer

04/02/2009, 03:39
Valid: false

UPX0
Size: - Virtual size: 148KB

UPX1
Size: 81KB - Virtual size: 84KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 2KB