118d0855ea36882c26dc95a3bb99438bf8bee97c89fcb97a81f221c5ad999652

Sharing

Copy URL

Twitter E-mail

General

Target

118d0855ea36882c26dc95a3bb99438bf8bee97c89fcb97a81f221c5ad999652
Size

321KB
MD5

623054c4ff0460a22e5701b014060a7a
SHA1

1b84e918bd5ea84575752f4d6b48d5cbbddb401f
SHA256

118d0855ea36882c26dc95a3bb99438bf8bee97c89fcb97a81f221c5ad999652
SHA512

208748c48704c7b642a25706ddd3a427d4b9398515e3ea57e1cd7dea5500ebef3da38afd86d47f42b07bcf421987ad6639c898762a4416662988671c0db8752a
SSDEEP

6144:KIv3wc6wyTHf9XuSjsx4uMu0D7zr4vPYFTktU+cNX9:KIIcZCHLInMxIvwwdcT

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Keygen_3.exe	vmprotect

Files

118d0855ea36882c26dc95a3bb99438bf8bee97c89fcb97a81f221c5ad999652
.rar
ChessBaseAdminTool.exe
.exe windows x86

03e0db533ec6875eb3b4e4f37e3b5d28

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:a7:5a:de:76:86:11:ed:d1:d8:a2:ad:fd:57:6d:0c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09-11-2010 00:00

Not After

25-11-2013 23:59

Subject

CN=ChessBase - Schachprogramme-Schachdatenbank Verlagsgesellschaft,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ChessBase - Schachprogramme-Schachdatenbank Verlagsgesellschaft,L=Hamburg,ST=Hamburg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:2f:c3:a4:f3:34:bb:64:57:d5:2c:00:82:e5:1a:0e:47:01:ad:b7
Signer

Actual PE Digest

5c:2f:c3:a4:f3:34:bb:64:57:d5:2c:00:82:e5:1a:0e:47:01:ad:b7

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ChessBase - Schachprogramme-Schachdatenbank Verlagsgesellschaft,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ChessBase - Schachprogramme-Schachdatenbank Verlagsgesellschaft,L=Hamburg,ST=Hamburg,C=DE

19-09-2011 10:43
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

avifil32

AVIFileExit

wininet

InternetGetConnectedState
InternetDialA

sview3

??1ImageList@@QAE@XZ
?GetPCImageList@ImageList@@QAEPAVCImageList@@XZ
??0VirtualDevice@@QAE@AAVOutputDevice@@@Z
?Erase@OutputDevice@@QAE_NABVTexture@@HH@Z
??1Region@@QAE@XZ
?ChangeClipRegion@OutputDevice@@QAEXABVRegion@@@Z
??1Dir@@QAE@XZ
?HasLegalName@DirEntry@@QBE_NXZ
??0FileStat@@QAE@ABVDirEntry@@@Z
??ADir@@QBEAAVDirEntry@@K@Z
?Count@Dir@@QBEKXZ
??0Dir@@QAE@ABVDirEntry@@H@Z
?OutputToScreenPixel@Window@@QBE?AVPoint@@ABV2@@Z
?ChangeColor@Font@@QAEXABVColor@@@Z
?GetHeight@Font@@QBEHXZ
?GetPathName@Config@@QBE?AVSString@@XZ
?ParentGrabFocus@Window@@QAEXXZ
??9Font@@QBE_NABV0@@Z
??BSString@@QBEJXZ
??0Region@@QAE@XZ
?GetTextSize@OutputDevice@@QBE?AVSize@@ABVSString@@II@Z
?ReadKey@Config@@QBE?AVSString@@ABV2@0@Z
?DrawTextHQ@OutputDevice@@QAEXABVFPoint@@ABVSString@@IIH@Z
?InitMouseTracking@Window@@QAEXK@Z
??4MouseEvent@@QAEAAV0@ABV0@@Z
?ChangeHeight@Font@@QAEXH@Z
??1ListControl@@UAE@XZ
?OnItemClick@ListControl@@UAEXHHI_N@Z
?OnItemRClick@ListControl@@UAEXHHI_NABVPoint@@@Z
?OnItemDoubleClick@ListControl@@UAEXHI_N@Z
?OnColumnClick@ListControl@@UAEXH@Z
?OnItemSelected@ListControl@@UAEXH@Z
?OnCustomDrawCell@ListControl@@UBE_NPAUHDC__@@HHABVCRectangle@@ABVColor@@_N@Z
?GetToolTipText@ListControl@@UBE?AVSString@@H@Z
?InsertColumn@ListControl@@QAEHHABVSString@@HHH@Z
?DeleteColumn@ListControl@@QAEXH@Z
?GetNColumns@ListControl@@QBEHXZ
?SetColumnWidth@ListControl@@QAEHHH@Z
?GetSelected@ListControl@@QBEHXZ
??0ListControl@@QAE@PAVWindow@@H@Z
?ViewReport@ListControl@@QAEXXZ
?ArrangeIcons@ListControl@@QAEXXZ
?ViewSymbols@ListControl@@QAEXHH@Z
?GetViewStyle@ListControl@@QBEHXZ
?SetViewStyle@ListControl@@QAEXH@Z
?SetCustomDrawCells@ListControl@@QAEX_N@Z
?GetRowOfYPos@ListControl@@QBEHH@Z
?GetColumnOfXPos@ListControl@@QBEHHH@Z
?RemoveUTF8Marker@SString@@QAE_NXZ
?SetDragImageList@Window@@SAXPAVCImageList@@@Z
??0ImageList@@QAE@PAVCImageList@@@Z
?IsReport@ListControl@@QBE_NXZ
?SetHeaderRightClickHdl@ListControl@@QAEXABVLink@@@Z
?SetDrawListItemHdl@ListControl@@QAEXABVLink@@@Z
?IsList@ListControl@@QBE_NXZ
?IsSmallSymbols@ListControl@@QBE_NXZ
?IsSymbols@ListControl@@QBE_NXZ
?SetSmallImageList@ListControl@@QAEXPAVCImageList@@@Z
?SetLargeImageList@ListControl@@QAEXPAVCImageList@@@Z
?ViewList@ListControl@@QAEXXZ
?ViewSmallSymbols@ListControl@@QAEXHH@Z
?GetColumnTitle@CBListCtrl@@QBE?AVSString@@H@Z
??N@YA_NABVSString@@0@Z
??P@YA_NABVSString@@0@Z
?Reverse@SString@@QAEAAV1@XZ
?DrawRegistrationText@OutputDevice@@QAEXABVPoint@@VSize@@ABVSString@@@Z
??O@YA_NABVSString@@0@Z
?Erase@SString@@QAEAAV1@II@Z
?Insert@SString@@QAEAAV1@DI@Z
?UTF8ToRussian@SString@@QBE?AV1@XZ
?AllocStrBuf@SString@@QAEPADI@Z
?SetOutputSize@VirtualDevice@@QAE_NABVSize@@_N@Z
inflateEnd
inflate
inflateInit_
??0SString@@QAE@PBD@Z
??0SString@@QAE@ABV0@@Z
??1SString@@QAE@XZ
?Call@Link@@UBEJPAX@Z
?ReadKey@Config@@QBE?AVSString@@ABV2@@Z
?WriteKey@Config@@QAEXABVSString@@0@Z
?CallPtr@Link@@UBEKPAX@Z
??0SString@@QAE@XZ
??M@YA_NABVSString@@0@Z
?GetPSVData@@YAPAVSVData@@XZ
?Show@Window@@QAEXXZ
?SetPosSizePixel@Window@@QAEXABVPoint@@ABVSize@@@Z
?GetTextSizeHQ@OutputDevice@@QBE?AVFSize@@ABVSString@@II@Z
??0Config@@QAE@ABVSString@@@Z
??BSString@@QBE_JXZ
?ToAbs@DirEntry@@QAE_NXZ
?BOOLFunc@LibraryLoader@@QBE_NABVSString@@@Z
??0SString@@QAE@K@Z
??0Kernel32Loader@@QAE@XZ
?GetProcAddress@LibraryLoader@@QBEP6GHXZABVSString@@@Z
?ShowHourGlass@Window@@SAX_N@Z
??1International@@QAE@XZ
?DrawWithoutEdge@VisualStylist@@QBEXPAUHDC__@@ABVCRectangle@@@Z
?ReplaceAllChars@SString@@QAEAAV1@DD@Z
??0Font@@QAE@XZ
?Replace@SString@@QAEAAV1@DI@Z
?SetPngBitmap@CBDialogBitmapButton@@QAEXABVBitmap@@@Z
?GetThisMessageMap@CBDialogBitmapButton@@KGPBUAFX_MSGMAP@@XZ
?EraseTrailingChars@SString@@QAEAAV1@D@Z
?GethFont@Font@@QAEPAUHFONT__@@XZ
??0UString@@QAE@PB_W@Z
?GethDC@OutputDevice@@QAEPAUHDC__@@XZ
?GetHWND@Window@@QBEPAUHWND__@@XZ
?GetClientRect@Window@@QBE?AVCRectangle@@XZ
?DrawBackgroundSolid@VisualStylist@@UBEXPAUHDC__@@ABVCRectangle@@@Z
?IsValid@VisualStylist@@QBE_NXZ
?Select@ListControl@@QAEXH_N@Z
?DrawItem@CBDialogBitmapButton@@UAEXPAUtagDRAWITEMSTRUCT@@@Z
??0CBDialogBitmapButton@@QAE@XZ
?GetHBitmap@Bitmap@@QAEPAUHBITMAP__@@VColor@@@Z
??1CBDialogBitmapButton@@UAE@XZ
??0Bitmap@@QAE@ABV0@@Z
?Update@Window@@QAEXXZ
?GetSize@Bitmap@@QBE?AVSize@@XZ
??0Font@@QAE@ABVSString@@H@Z
??4Font@@QAEAAV0@ABV0@@Z
?ChangeTransparent@Font@@QAEX_N@Z
?GetFont@OutputDevice@@QBE?AVFont@@XZ
??9@YA_NABVSString@@0@Z
??9@YA_NABVSString@@PBD@Z
??0SString@@QAE@PB_WI@Z
??0CRectangle@@QAE@ABVPoint@@ABVSize@@@Z
??YSString@@QAEAAV0@PBD@Z
??0SString@@QAE@HH@Z
??4DirEntry@@QAEAAV0@ABV0@@Z
??HDirEntry@@QBE?AV0@ABV0@@Z
?GetDevice@DirEntry@@QBE?AV1@XZ
?Exists@DirEntry@@QBE_NXZ
??YDirEntry@@QAEAAV0@ABV0@@Z
??0DirEntry@@QAE@ABVSString@@@Z
??0DirEntry@@QAE@ABV0@@Z
??0Bitmap@@QAE@XZ
??4SString@@QAEAAV0@ABV0@@Z
?GetFull@DirEntry@@QBE?AVSString@@_N@Z
?MakeDir@DirEntry@@QBE_N_N@Z
??0DirEntry@@QAE@W4DirEntryFlag@@@Z
?ChangeBackgroundBrush@OutputDevice@@QAEXABVBrush@@@Z
?NoCaseEqual@SString@@QBE_NABV1@@Z
??1Timer@@QAE@XZ
??1Config@@QAE@XZ
?Start@Timer@@QAEXXZ
?ChangeTimeout@Timer@@QAEKK@Z
??0Timer@@QAE@XZ
??8@YA_NABVSString@@PBD@Z
??0Texture@@QAE@ABV0@@Z
??0Window@@QAE@XZ
?GetOutputSizePixel@Window@@UBE?AVSize@@XZ
?ChangeBackgroundTexture@OutputDevice@@UAEXABVTexture@@@Z
?ChangeFont@OutputDevice@@UAEXABVFont@@@Z
?Resize@Window@@UAEXXZ
?Test@Window@@UAEXXZ
?Move@Window@@UAEXXZ
?Close@Window@@UAE_NXZ
?Activate@Window@@UAEXXZ
?Deactivate@Window@@UAEXXZ
?OnSetFocus@Window@@UAEXXZ
?OnLoseFocus@Window@@UAEXXZ
?SetText@Window@@UAEXABVSString@@@Z
?GetText@Window@@UBE?AVSString@@XZ
?KeyInput@Window@@UAE_NABVKeyEvent@@@Z
?ProcessMenuSelect@Window@@UAE_NI@Z
?ChangePointer@Window@@UAEXPBD@Z
?ChangePointer@Window@@UAEXI_N@Z
?CaptureMouse@Window@@UAEXXZ
?ReleaseMouse@Window@@UAEXXZ
?QueryDrop@Window@@UAEKABVDropEvent@@@Z
?Drop@Window@@UAE_NABVDropEvent@@@Z
?ExecuteDrag@Window@@UAEKGABVLink@@@Z
?ExecuteDrag@Window@@UAEKABVDropData@@@Z
?ChangeUpdateMode@Window@@UAEX_N@Z
?OnProcessMsg@Window@@UAEXIIJ@Z
?ActivateApp@Window@@UAEXXZ
?DeactivateApp@Window@@UAEXXZ
?EraseVisualStyleBackground@Window@@UAE_NPAUHDC__@@@Z
?HasVisualStyleBackground@Window@@UBE_NXZ
?ProcessThemeChanged@Window@@MAE_NXZ
?ProcessPaint@Window@@MAEXXZ
?CreateNewWindow@Window@@EAEXH@Z
?InitWindow@Window@@EAEXPAVCWnd@@HH@Z
?CreateWin@Window@@EAEXPAVCWnd@@HH@Z
?ProcessFocusMsg@Window@@EAE_NIIJ@Z
?OnDragScroll@Window@@EAEKKVCPoint@@@Z
??1Window@@UAE@XZ
?Invalidate@Window@@QAEXXZ
?SetItemCount@ListControl@@QAEXH@Z
?ClearSelection@ListControl@@QAEXXZ
?EnableLabelEditing@ListControl@@QAEX_N@Z
?ChangeBackgroundTexture@ListControl@@UAEXABVTexture@@@Z
?ChangeFont@ListControl@@UAEXABVFont@@@Z
?Paint@Window@@UAEXABVCRectangle@@@Z
?Resize@ListControl@@UAEXXZ
?OnDragLeavesWindow@ListControl@@MAEXXZ
?OnDragScroll@ListControl@@MAEKKVCPoint@@@Z
?GrabFocus@ListControl@@UAEXXZ
?OnEndLabelEdit@ListControl@@UAEXHPAD@Z
?OnPrePaint@ListControl@@UAEXPAUHDC__@@@Z
?OnPostPaint@ListControl@@UAEXPAUHDC__@@@Z
?OnItemPrePaint@ListControl@@UAEXPAUHDC__@@H@Z
?HasCustomDrawText@ListControl@@UBE_NXZ
?OnCustomDrawText@ListControl@@UAEXPAUHDC__@@HHABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@ABVCRectangle@@_N@Z
?GetSymbolsXSpacing@ListControl@@MBEHXZ
?GetSymbolsYSpacing@ListControl@@MBEHXZ
?GetSmallSymbolsXSpacing@ListControl@@MBEHXZ
?GetSmallSymbolsYSpacing@ListControl@@MBEHXZ
?GetTileXSpacing@ListControl@@MBEHXZ
?GetTileYSpacing@ListControl@@MBEHXZ
??0Color@@QAE@W4ColorName@@@Z
?PasteString@Clipboard@@SA?AVSString@@XZ
?DrawBitmapTransparent@OutputDevice@@QAEXABVPoint@@ABVBitmap@@ABVColor@@@Z
??0Window@@QAE@PAVCWnd@@HH@Z
?GetCntObject@Container@@QBEPAXK@Z
?Insert@Container@@QAEXPAXK@Z
??0Container@@QAE@GGG@Z
??1Container@@QAE@XZ
??4Bitmap@@QAEAAV0@ABV0@@Z
?GetBitmap@OutputDevice@@QBE?AVBitmap@@ABVPoint@@ABVSize@@@Z
?GetOrCreatePCBrush@Brush@@QAEPAVCBrush@@XZ
??0SString@@QAE@F@Z
??BSString@@QBEHXZ
?ToUpper@SString@@QAEAAV1@XZ
?Copy@SString@@QBE?AV1@II@Z
??0VisualStylist@@QAE@PAUHWND__@@ABVSString@@HH@Z
??1VisualStylist@@UAE@XZ
?Match@SString@@QBEIPBD@Z
?GetToken@SString@@QBE?AV1@ID@Z
?SetIsUTF8@SString@@QAEXXZ
?IsUTF8@SString@@QBE_NXZ
?Flush@Config@@QAEXXZ
?Disable@TranscriptData@@QAEXXZ
?SetToGreek@TranscriptData@@QAEXXZ
?SetToCyrillic@TranscriptData@@QAEXXZ
??1Font@@QAE@XZ
??0SString@@QAE@J@Z
?DrawTextA@OutputDevice@@QAEXABVPoint@@ABVSString@@II@Z
??0Window@@QAE@PAV0@HH@Z
??0Brush@@QAE@ABVColor@@W4BrushStyle@@@Z
??1Brush@@QAE@XZ
??8@YA_NABVSString@@0@Z
??YSString@@QAEAAV0@D@Z
??ASString@@QAEAADI@Z
?EraseAllChars@SString@@QAEAAV1@D@Z
??0Texture@@QAE@XZ
?Start@Timer@@QAEXABVLink@@K@Z
?Det3DColors@Texture@@QBEXPAVOutputDevice@@AAVColor@@11@Z
?Beep@Sound@@SAXW4SoundType@@@Z
?Erase@OutputDevice@@QAEXABVColor@@ABVCRectangle@@@Z
?Erase@OutputDevice@@QAE_NABVTexture@@ABVCRectangle@@HH@Z
?Stop@Timer@@QAEXXZ
??4Texture@@QAEAAV0@ABV0@@Z
??0SString@@QAE@PBDII_N@Z
?Search@SString@@QBEIDI@Z
??0SString@@QAE@D@Z
??0UString@@QAE@PBD@Z
??1UString@@QAE@XZ
??0UString@@QAE@ABVSString@@@Z
?ChangeBase@DirEntry@@QAEXABVSString@@@Z
?ToLower@SString@@QAEAAV1@XZ
?Search@SString@@QBEIPBDI@Z
??0SString@@QAE@ABV0@II@Z
?EraseLeadingChars@SString@@QAEAAV1@D@Z
??0SString@@QAE@ABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetPath@DirEntry@@QBE?AV1@XZ
??1Bitmap@@UAE@XZ
?Kill@DirEntry@@QBE_NXZ
??0UXThemeLib@@QAE@XZ
?SetThemeAppProperties@UXThemeLib@@QAEXK@Z
?DeleteGroup@Config@@QAEXABVSString@@@Z
?SetGroup@Config@@QAEXABVSString@@@Z
?Add@HdlChain@@QAEXABVLink@@_N@Z
??1LibraryLoader@@UAE@XZ
?Format@SString@@QAAXPBDZZ
??4SString@@QAEAAV0@PBD@Z
??YSString@@QAEAAV0@ABV0@@Z
?SVInit@@YAXXZ
?SVExit@@YAXXZ
?SetAsWrap@Window@@QAEXPAVCWnd@@@Z
?GetColor@Texture@@QBE?AVColor@@PAVOutputDevice@@@Z
?Lighten@Color@@QAE?AV1@HHH@Z
??0Texture@@QAE@ABVColor@@@Z
??1Texture@@QAE@XZ
?SetShowSelAlways@ListControl@@QAEX_N@Z
?SetSVMainWnd@@YAXPAVCWnd@@@Z
??0OutputDevice@@QAE@PAUHDC__@@@Z
??1OutputDevice@@UAE@XZ
?SetTexture@WindowFrame3D@@UAEXABVTexture@@@Z
?Draw@WindowFrame3D@@UAEXXZ
??0Pen@@QAE@ABVColor@@FI@Z
??1Pen@@QAE@XZ
??1WindowFrame@@UAE@XZ
?CreateVisualStylist@WindowFrame@@UAEXPAVWindow@@@Z
?SetTexture@WindowFrame@@UAEXABVTexture@@@Z
?Draw@WindowFrame@@UAEXXZ
?GetColumnIndexByXPixel@ListControl@@QBEHH@Z

msvcp100

??1_Container_base12@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
??0_Container_base12@std@@QAE@XZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ

mfc100

ord732
ord5782
ord5279
ord4775
ord5109
ord2240
ord4201
ord4449
ord11885
ord10692
ord2421
ord2433
ord4784
ord4783
ord4787
ord4789
ord11956
ord12282
ord12284
ord7310
ord6997
ord6999
ord10059
ord4124
ord1182
ord11033
ord9172
ord3184
ord3183
ord11009
ord12988
ord2896
ord2897
ord7302
ord1297
ord916
ord339
ord4341
ord6054
ord4340
ord387
ord4785
ord9103
ord12128
ord8453
ord7491
ord7927
ord11940
ord796
ord5830
ord7889
ord3167
ord1011
ord5857
ord8227
ord2776
ord3743
ord7862
ord2614
ord3431
ord13280
ord2409
ord5821
ord968
ord6259
ord7933
ord1483
ord6970
ord6836
ord1437
ord300
ord5163
ord4343
ord12432
ord1280
ord6617
ord6829
ord7150
ord8001
ord4143
ord457
ord6207
ord2626
ord13045
ord305
ord5242
ord723
ord1174
ord1269
ord871
ord5788
ord6521
ord3839
ord7875
ord7876
ord11744
ord12716
ord12091
ord12720
ord12096
ord13095
ord2771
ord2768
ord2901
ord4600
ord12209
ord462
ord12665
ord11243
ord11964
ord1691
ord10930
ord5036
ord2010
ord12540
ord11258
ord6213
ord3390
ord12865
ord4345
ord11960
ord1939
ord12344
ord7487
ord5207
ord11781
ord1313
ord1316
ord3406
ord2067
ord11459
ord13031
ord7593
ord8303
ord8073
ord12944
ord10840
ord11865
ord2456
ord7575
ord7584
ord7510
ord11726
ord13767
ord4724
ord2163
ord11420
ord11421
ord13301
ord7073
ord13299
ord8486
ord3676
ord3618
ord11806
ord7091
ord1732
ord14075
ord10922
ord13181
ord11413
ord7144
ord13483
ord13480
ord13485
ord13482
ord13484
ord13481
ord3409
ord5238
ord11172
ord11180
ord7355
ord9449
ord11184
ord11153
ord11787
ord5098
ord9281
ord6113
ord889
ord1289
ord6010
ord345
ord921
ord10967
ord9399
ord6835
ord9475
ord3970
ord11882
ord12962
ord6680
ord385
ord788
ord10030
ord1210
ord3254
ord11067
ord8137
ord10360
ord3620
ord2974
ord2973
ord2752
ord5532
ord12531
ord2416
ord11108
ord8330
ord8305
ord5805
ord948
ord946
ord1900
ord915
ord3738
ord2742
ord8222
ord5777
ord1263
ord3755
ord2838
ord8231
ord11154
ord5444
ord6090
ord895
ord2187
ord3475
ord7863
ord3746
ord5875
ord5776
ord5837
ord3439
ord316
ord4283
ord1982
ord1929
ord1448
ord12868
ord10007
ord8506
ord10976
ord2611
ord2063
ord901
ord310
ord2061
ord5534
ord12535
ord2881
ord2878
ord7349
ord2417
ord14059
ord14061
ord14060
ord14058
ord14062
ord14045
ord13972
ord13973
ord8235
ord11025
ord3395
ord10883
ord13294
ord8070
ord6217
ord9994
ord8351
ord2847
ord12644
ord11190
ord11188
ord1496
ord1503
ord1509
ord1507
ord1514
ord4373
ord4410
ord4381
ord4393
ord4389
ord4385
ord4415
ord4406
ord4377
ord4419
ord4398
ord4364
ord4368
ord4401
ord3991
ord13980
ord3984
ord2661
ord13302
ord7074
ord13300
ord6128
ord10672
ord12482
ord5253
ord2338
ord11060
ord3484
ord2945
ord2944
ord2846
ord11103
ord4622
ord4903
ord5095
ord8439
ord4881
ord5123
ord4625
ord4774
ord4606
ord6897
ord6898
ord6888
ord4772
ord7357
ord9286
ord8304
ord1294
ord266
ord1296
ord2088

msvcr100

exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
strtoul
ftell
fopen_s
ferror
feof
fread
fwrite
fclose
srand
_acmdln
_mktime64
_initterm
_initterm_e
fseek
strcpy_s
_time64
_strrev
memcpy
__RTDynamicCast
_recalloc
_resetstkoflw
free
malloc
_mbsstr
_mbsnbcpy_s
_atoi64
atol
atoi
memset
rand
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_purecall
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memmove
__CxxFrameHandler3
_setmbcp
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
memcpy_s

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
DecodePointer
EncodePointer
ExpandEnvironmentStringsA
WritePrivateProfileStringA
GetPrivateProfileStringA
CopyFileA
GetComputerNameA
FileTimeToLocalFileTime
GlobalMemoryStatus
GetLocalTime
GetProcessAffinityMask
SetThreadAffinityMask
SetProcessAffinityMask
GetACP
GetVolumeInformationA
GetDriveTypeA
GetLocaleInfoA
GetSystemInfo
SetUnhandledExceptionFilter
GetCurrentThread
GetCurrentProcess
FormatMessageA
FileTimeToSystemTime
MulDiv
GetFileAttributesA
SetFileAttributesA
SetFileTime
GetCurrentThreadId
GetModuleFileNameA
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetTickCount
CreateMutexA
CloseHandle
QueryPerformanceCounter
QueryPerformanceFrequency
GetVersionExA
LoadLibraryA
Sleep
lstrcatA
SetLastError
DeactivateActCtx
ActivateActCtx
WaitForSingleObject
InterlockedExchange
CreateFileA
InitializeCriticalSection
CreateEventA
UnmapViewOfFile
WriteFile
SetFilePointer
ReadFile
GetFileSize

user32

PostMessageA
EnableWindow
DrawIcon
CreatePopupMenu
SendMessageA
IsIconic
GetWindowRect
GetClientRect
LoadIconW
GetSystemMetrics
UnhookWindowsHookEx
PeekMessageA
CallNextHookEx
SetWindowsHookExA
CharNextA
BringWindowToTop
UpdateWindow
InvalidateRect
ShowWindow
MessageBoxA
RegisterWindowMessageA
GetParent
ReleaseDC
GetDC
CheckMenuItem
EnableMenuItem
GetMenuItemCount
AppendMenuA
ClientToScreen
CreateWindowExA
SetLayeredWindowAttributes
SetWindowLongA
GetWindowLongA
InsertMenuA
PostQuitMessage
GetMenuState

gdi32

DeleteDC
GetObjectA
GetCurrentObject

advapi32

RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDestroyHash
CryptAcquireContextA
CryptGetUserKey
CryptGenKey
CryptReleaseContext
CryptDestroyKey
RegQueryInfoKeyA
RegConnectRegistryA
RegUnLoadKeyA
RegSetKeySecurity
RegSaveKeyA
RegRestoreKeyA
RegReplaceKeyA
RegNotifyChangeKeyValue
RegLoadKeyA
RegGetKeySecurity
RegFlushKey
RegEnumValueA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetUserNameA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetSpecialFolderLocation
SHFileOperationA
ShellExecuteA
SHGetPathFromIDListA

ole32

CLSIDFromString
StringFromGUID2
CoCreateGuid
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VarUI4FromStr
SysFreeString

Sections

.text
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Keygen_3.exe
.exe windows x86

0048d548ab9c8ded2671f57de94cee4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowRect

advapi32

CryptDeriveKey

Sections

CODE
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.vmp2
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03e0db533ec6875eb3b4e4f37e3b5d28

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

57:a7:5a:de:76:86:11:ed:d1:d8:a2:ad:fd:57:6d:0cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5c:2f:c3:a4:f3:34:bb:64:57:d5:2c:00:82:e5:1a:0e:47:01:ad:b7Signer

Signature Validations

Verification

19-09-2011 10:43 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

avifil32

wininet

sview3

msvcp100

mfc100

msvcr100

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 356KB - Virtual size: 356KB

.rdata Size: 116KB - Virtual size: 116KB

.data Size: 42KB - Virtual size: 49KB

.rsrc Size: 247KB - Virtual size: 246KB

0048d548ab9c8ded2671f57de94cee4b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

CODE Size: - Virtual size: 8KB

DATA Size: - Virtual size: 4KB

.idata Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 4KB

.rsrc Size: 100KB - Virtual size: 104KB

.vmp1 Size: - Virtual size: 20KB

.vmp2 Size: 59KB - Virtual size: 59KB

.reloc Size: 512B - Virtual size: 204B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

57:a7:5a:de:76:86:11:ed:d1:d8:a2:ad:fd:57:6d:0c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5c:2f:c3:a4:f3:34:bb:64:57:d5:2c:00:82:e5:1a:0e:47:01:ad:b7
Signer

19-09-2011 10:43
Valid: false

.text
Size: 356KB - Virtual size: 356KB

.rdata
Size: 116KB - Virtual size: 116KB

.data
Size: 42KB - Virtual size: 49KB

.rsrc
Size: 247KB - Virtual size: 246KB

CODE
Size: - Virtual size: 8KB

DATA
Size: - Virtual size: 4KB

.idata
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 4KB

.rsrc
Size: 100KB - Virtual size: 104KB

.vmp1
Size: - Virtual size: 20KB

.vmp2
Size: 59KB - Virtual size: 59KB

.reloc
Size: 512B - Virtual size: 204B