149c76696ce2a33d92edd9c731895c342935d5cfe9776f86177544493eff3467

Sharing

Copy URL Twitter E-mail

General

Target

149c76696ce2a33d92edd9c731895c342935d5cfe9776f86177544493eff3467
Size

1.9MB
MD5

36b49a00f1182be8418537ba1a03ab7b
SHA1

e4b3800165a666227f34a6d4f0d096083f440c33
SHA256

149c76696ce2a33d92edd9c731895c342935d5cfe9776f86177544493eff3467
SHA512

27f7c3c2b11c26c6de4b07dff348e355861e522de1bc745f9e14cb6d6b400ef6b7487c4ea3c925c5701758953fd19d136cfc1503fe2a3f3e9e6b3d4429833025
SSDEEP

49152:mrQEelKYmMRPNqZRi8+ZAPaiNid43Ej+lwcPZyf6Jmi:sGr/RPNcRi82x+fyf7i

Score

N/A

Malware Config

Signatures

Files

149c76696ce2a33d92edd9c731895c342935d5cfe9776f86177544493eff3467
.rar
MessengerReviver-2-4-0.exe
.exe windows x86

0ebb3c09b06b1666d307952e824c8697

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
lstrlenA
GetModuleFileNameA
GetSystemDirectoryA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
FreeResource
GetProcAddress
LoadResource
SizeofResource
FindResourceA
lstrcatA
CloseHandle
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ReadFile
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
LockResource

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 367KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MsgPlusLive-490.exe
.exe windows x86

a02b4ceec11ff985fb8337581a66012d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:ec:82:19:51:99:d7:35:ad:6e:70:4b:1b:71:2c:b5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01/09/2012, 00:00

Not After

19/10/2015, 23:59

Subject

CN=Yuna Software Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Yuna Software Limited,L=St. Helier,ST=Jersey,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:12:cf:23:39:7b:a1:b7:44:f5:e2:bb:c7:4e:67:eb:89:ec:15:58
Signer

Actual PE Digest

ee:12:cf:23:39:7b:a1:b7:44:f5:e2:bb:c7:4e:67:eb:89:ec:15:58

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Yuna Software Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Yuna Software Limited,L=St. Helier,ST=Jersey,C=GB

09/09/2013, 12:13
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameW
ExitProcess
HeapCreate
LCMapStringW
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
LoadLibraryW
FreeLibrary
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcess
GetLastError
CloseHandle
SetFileTime
MoveFileA
CreateFileW
CreateFileA
FlushFileBuffers
GetStdHandle
WriteFile
ReadFile
SetFilePointer
SetEndOfFile
GetFileType
CreateDirectoryW
CreateDirectoryA
GetProcAddress
GetFileAttributesW
GetFileAttributesA
SetFileAttributesW
SetFileAttributesA
DeviceIoControl
FindClose
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
GetVersionExW
TlsSetValue
Sleep
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
IsDBCSLeadByte
GetModuleHandleW
DeleteFileW
DeleteFileA
GetTickCount
GetTempPathW
GetCurrentThreadId
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
InterlockedDecrement
SetLastError
LocalFree
lstrlenW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
CreateMutexW
WaitForSingleObject
GetExitCodeProcess
RemoveDirectoryW
CreateProcessW
EnterCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedIncrement
InterlockedExchange
InitializeCriticalSection
EncodePointer
DecodePointer
TlsFree
IsProcessorFeaturePresent
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
LeaveCriticalSection

user32

SendMessageW
FindWindowW
CharLowerA
CharLowerW
CharToOemA
CharUpperW
OemToCharA
OemToCharBuffA

advapi32

LookupPrivilegeValueW
RegFlushKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
AdjustTokenPrivileges
RegCloseKey

shell32

ShellExecuteExW
SHFileOperationW

ole32

CoUninitialize
CoInitializeEx

oleaut32

VariantClear
VariantInit

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 884KB - Virtual size: 883KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lpk.dll
.dll windows x86

4b754cc9d7156b50f81296c9f71ec114

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ord92
ord64

kernel32

GetTickCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitProcess
GetProcAddress
LoadLibraryW
lstrcatW
GetSystemDirectoryW
FreeLibrary
lstrcpynA
LockResource
LoadResource
SizeofResource
FindResourceW
CreateProcessW
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetLastError
CreateMutexA
lstrcmpiW
GetModuleFileNameW
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
GetCurrentThreadId
GetFileAttributesW
lstrcpyW
IsDebuggerPresent
GetLogicalDrives
FindNextFileW
SetFileAttributesW
CopyFileW
FindClose
FindFirstFileW
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
SetEvent
CreateEventW
DisableThreadLibraryCalls
GetCurrentProcess
IsProcessorFeaturePresent

user32

wsprintfW

shlwapi

PathAppendW
SHRegGetValueW
PathFindExtensionW
StrStrIW
PathRemoveFileSpecW
PathFindFileNameW

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wlsetup-web.exe
.exe windows x86

711bcc1f0bbc9c7ee450baffe46d033e

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

03:15:ef:40:0e:d5:9e:b7:ae:1d:44:29:05:33:cb:e8:67:ce:95:ce
Signer

Actual PE Digest

03:15:ef:40:0e:d5:9e:b7:ae:1d:44:29:05:33:cb:e8:67:ce:95:ce

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

28/04/2010, 21:20
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
GetUserNameW
GetTokenInformation
ConvertSidToStringSidW
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
DuplicateTokenEx
DuplicateToken
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CryptGenRandom
LookupPrivilegeValueW
AdjustTokenPrivileges
RegisterTraceGuidsW
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptReleaseContext
CreateWellKnownSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
SetNamedSecurityInfoW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
SetSecurityInfo
CopySid
IsValidSid
GetLengthSid
InitializeAcl
AddAce
RegQueryValueExW

kernel32

GlobalMemoryStatusEx
GetSystemDefaultUILanguage
GetSystemDefaultLCID
GetComputerNameExW
GetEnvironmentVariableW
lstrlenA
OpenProcess
GetTempPathA
GetFullPathNameA
DeleteFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
GetShortPathNameW
GetLocalTime
ReadFile
CreateProcessW
GetExitCodeProcess
GetFullPathNameW
GlobalFree
CreateWaitableTimerW
WaitForMultipleObjects
GetExitCodeThread
GetTempPathW
SetWaitableTimer
TerminateThread
GetUserDefaultLangID
QueueUserAPC
GetVersionExW
CompareFileTime
CopyFileW
GetComputerNameW
SystemTimeToFileTime
InterlockedCompareExchange
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ResetEvent
ReleaseSemaphore
CreateSemaphoreW
CreateThread
LocalAlloc
GetSystemTime
InitializeCriticalSectionAndSpinCount
DuplicateHandle
FreeLibraryAndExitThread
SetFileAttributesW
RemoveDirectoryW
MoveFileExW
GetFileAttributesW
CreateDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateFileW
DeviceIoControl
DeleteFileW
GetTempFileNameW
FindNextFileW
FindFirstFileW
FindClose
EnumResourceNamesW
VerifyVersionInfoW
ExpandEnvironmentStringsW
FindResourceExW
LockResource
SetEnvironmentVariableA
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetFileAttributesExW
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
LoadLibraryA
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetCurrentThread
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
VirtualQuery
OpenFileMappingW
SetFilePointerEx
GetFileSizeEx
GetSystemInfo
GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualProtect
HeapReAlloc
GetStartupInfoW
GetProcessHeap
HeapAlloc
HeapFree
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
CloseHandle
ReleaseMutex
FreeLibrary
InterlockedExchange
RaiseException
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
LocalFree
GetLastError
FormatMessageW
WaitForSingleObject
OpenMutexW
CreateMutexW
GetModuleFileNameW
lstrlenW
EnterCriticalSection
LeaveCriticalSection
ExitThread
lstrcmpiW
LoadLibraryExW
GetCommandLineW
LoadLibraryW
GetSystemDirectoryW
Sleep
HeapSetInformation
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
GetModuleHandleW
CompareStringW
SetEvent
OpenEventW
GetDiskFreeSpaceExW
MulDiv
CreateEventW
QueueUserWorkItem
GetLongPathNameW
FileTimeToSystemTime
SetThreadPriority
GetThreadPriority
GetConsoleMode
InterlockedIncrement

gdi32

CreatePen
CreateSolidBrush
SaveDC
RestoreDC
SetBkColor
SetLayout
DeleteObject
GetObjectW
CreateFontIndirectW
SetTextColor
GetStockObject
SetBkMode
BitBlt
DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
ExcludeClipRect
Rectangle
IntersectClipRect
GetClipRgn
CreateRectRgn
GetTextMetricsW

user32

GetMessageW
TranslateAcceleratorW
IsDialogMessageW
DestroyAcceleratorTable
GetLayeredWindowAttributes
SetLayeredWindowAttributes
EnableWindow
GetWindowTextLengthW
GetWindowTextW
GetClassNameW
GetDesktopWindow
FindWindowExW
SystemParametersInfoW
CopyRect
GetSysColor
MessageBoxIndirectW
RedrawWindow
MessageBeep
SetWindowLongW
CreateAcceleratorTableW
InflateRect
GetWindowLongW
AdjustWindowRectEx
GetSystemMetrics
DrawTextW
LoadIconW
EndDialog
GetParent
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
PeekMessageW
UnregisterClassA
ExitWindowsEx
SetCursor
LoadCursorW
DefWindowProcW
PostMessageW
SendMessageW
DestroyWindow
IsWindow
SetRect
GetWindowRect
SetTimer
KillTimer
PostQuitMessage
SetForegroundWindow
GetForegroundWindow
IsWindowVisible
GetNextDlgTabItem
NotifyWinEvent
IsWindowEnabled
UpdateWindow
PtInRect
RegisterClassExW
InvalidateRect
GetFocus
GetKeyState
IntersectRect
SetScrollInfo
GetScrollInfo
TrackMouseEvent
RegisterWindowMessageW
DefDlgProcW
EnumChildWindows
CreateDialogIndirectParamW
DialogBoxIndirectParamW
DrawIconEx
GetClassLongW
MapWindowPoints
ScreenToClient
WindowFromPoint
GetDCEx
SetWindowRgn
PostThreadMessageW
GetWindowThreadProcessId
GetShellWindow
SendMessageTimeoutW
GetClientRect
EndPaint
EnumWindows
LoadStringW
MsgWaitForMultipleObjects
BeginPaint
SetFocus
CreateWindowExW
ReleaseDC
GetDC
SetWindowTextW
SetWindowPos
GetSystemMenu
EnableMenuItem
ShowWindow
GetDlgItem
IsDlgButtonChecked
CheckDlgButton
CharNextW
FillRect
SetProcessDefaultLayout

sensapi

IsNetworkAlive

urlmon

CreateURLMoniker
CoInternetGetSession
CreateAsyncBindCtx

msi

ord96
ord49
ord51
ord80
ord34
ord78
ord150
ord266
ord48
ord195
ord92
ord32
ord159
ord173
ord205
ord113
ord70
ord203
ord141
ord118
ord160
ord8
ord88
ord190
ord115
ord116
ord171

comctl32

ord17
ord410
ord412
ord413

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrustEx

userenv

UnloadUserProfile

setupapi

SetupIterateCabinetW

secur32

GetUserNameExW

crypt32

CryptStringToBinaryW
CertVerifyCertificateChainPolicy
CryptBinaryToStringW

uxtheme

SetWindowTheme

psapi

EnumProcesses
GetModuleFileNameExW
GetModuleBaseNameW
EnumProcessModules

shlwapi

PathCreateFromUrlW
PathFindExtensionW
PathFileExistsW
UrlCreateFromPathW
StrRChrW
StrFormatByteSizeW
PathFindFileNameW
PathIsDirectoryW
ord437
StrStrNW
PathAppendW
SHCreateStreamOnFileEx
UrlCanonicalizeW
PathFindFileNameA
SHCreateStreamOnFileA
PathStripPathW
PathRemoveFileSpecW
PathCombineW
StrStrIW
PathIsRelativeW
SHCreateStreamOnFileW
StrCmpNW

wininet

InternetCrackUrlW
InternetCreateUrlW
InternetCombineUrlW

gdiplus

GdiplusStartup
GdipDeleteGraphics
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdiplusShutdown
GdipDrawImageRectRectI
GdipFree
GdipAlloc
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDeleteFont
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateFromHWND
GdipCreateFont
GdipGetLogFontW
GdipCloneImage
GdipDrawImageRectRect
GdipDrawImageI
GdipDrawImagePointRectI
GdipDrawImageRectI

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpTimeFromSystemTime
WinHttpSetCredentials
WinHttpGetProxyForUrl
WinHttpDetectAutoProxyConfigUrl
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCrackUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpQueryOption
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReceiveResponse

cabinet

ord11
ord14
ord13
ord10

ntdll

VerSetConditionMask
RtlUnwind

oleacc

LresultFromObject
AccessibleObjectFromWindow

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wsock32

WSAStartup
inet_addr
WSAGetLastError
gethostbyname
WSACleanup

shell32

SHFileOperationW
ShellExecuteExW
SHCreateDirectoryExW
CommandLineToArgvW
SHGetFolderPathW
ord165
SHGetSpecialFolderPathW
SHGetFolderPathAndSubDirW

ole32

CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoSetProxyBlanket
CoCopyProxy
CoQueryProxyBlanket
CoCreateGuid
OleRun
OleLockRunning

oleaut32

LoadTypeLi
LoadRegTypeLi
VariantCopy
SysAllocStringLen
VariantChangeType
SysAllocString
SysStringLen
SysFreeString
LoadTypeLibEx
VariantClear
VariantInit
VarUI4FromStr

Sections

.text
Size: 721KB - Virtual size: 721KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
مهم قبل التثبيت.txt

Sharing

General

Malware Config

Signatures

Files

0ebb3c09b06b1666d307952e824c8697

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 38KB - Virtual size: 38KB

.data Size: 1024B - Virtual size: 6KB

.rsrc Size: 367KB - Virtual size: 366KB

a02b4ceec11ff985fb8337581a66012d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

56:ec:82:19:51:99:d7:35:ad:6e:70:4b:1b:71:2c:b5Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ee:12:cf:23:39:7b:a1:b7:44:f5:e2:bb:c7:4e:67:eb:89:ec:15:58Signer

Signature Validations

Verification

09/09/2013, 12:13 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 167KB - Virtual size: 167KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 7KB - Virtual size: 31KB

.rsrc Size: 884KB - Virtual size: 883KB

.reloc Size: 14KB - Virtual size: 13KB

4b754cc9d7156b50f81296c9f71ec114

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

user32

shlwapi

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 1024B - Virtual size: 700B

711bcc1f0bbc9c7ee450baffe46d033e

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

.text
Size: 38KB - Virtual size: 38KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 367KB - Virtual size: 366KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

56:ec:82:19:51:99:d7:35:ad:6e:70:4b:1b:71:2c:b5
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ee:12:cf:23:39:7b:a1:b7:44:f5:e2:bb:c7:4e:67:eb:89:ec:15:58
Signer

09/09/2013, 12:13
Valid: false

.text
Size: 167KB - Virtual size: 167KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 7KB - Virtual size: 31KB

.rsrc
Size: 884KB - Virtual size: 883KB

.reloc
Size: 14KB - Virtual size: 13KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 1024B - Virtual size: 700B

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

03:15:ef:40:0e:d5:9e:b7:ae:1d:44:29:05:33:cb:e8:67:ce:95:ce
Signer

28/04/2010, 21:20
Valid: false

.text
Size: 721KB - Virtual size: 721KB

.data
Size: 15KB - Virtual size: 28KB

.rsrc
Size: 463KB - Virtual size: 463KB

.reloc
Size: 48KB - Virtual size: 48KB