ovopoche[.]zip_unxor[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ovopoche.zip_unxor.zip
Size

8.0MB
MD5

32b430dc0ab8116f0f565cdd772eb1ad
SHA1

077770bcd27887f10d3cb560ffc0841fbd7295ce
SHA256

065aaf2e4b833d3ed84a5641e9ed223110b416daebf5566414407e66e23bf75c
SHA512

4efac34b454748dc99958502941c8f80976a9b18f402ab1175fbe936a94193c7b05633976243b0bf25b62c83d0b7e9fa6cfd6649733e30371a9f0dd3e473c421
SSDEEP

196608:tL+KasYMFMZsf0ZEDDd9Tvt8JVoDW7l7o3Ym5mgYZ9wwwFFMmY:tKjsFFMufh5pSVo4hIYmgfwPF+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/zlibai.dll

Files

ovopoche.zip_unxor.zip
.zip
Urubunto.exe
.exe windows x86

0b0a4fc66d1698d6ff51fc282ee85479

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:7d:59:66:04:91:55:be:bf:38:3f:fb:0b:e3:29:10
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

06/03/2020, 00:00

Not After

05/03/2023, 23:59

Subject

CN=Caphyon SRL,OU=SECURE APPLICATION DEVELOPMENT,O=Caphyon SRL,L=Craiova,ST=Dolj,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:eb:6c:9a:38:04:4b:87:d0:5d:e5:3e:14:aa:31:b4:b1:c7:9f:f8:c6:ff:73:0a:81:70:52:53:39:c0:06:ce
Signer

Actual PE Digest

52:eb:6c:9a:38:04:4b:87:d0:5d:e5:3e:14:aa:31:b4:b1:c7:9f:f8:c6:ff:73:0a:81:70:52:53:39:c0:06:ce

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetMappedFileNameW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

mpr

WNetCancelConnection2W
WNetAddConnection2W
WNetGetUserW

msi

ord8
ord52
ord49
ord48
ord92
ord20
ord116
ord118
ord115
ord166
ord159
ord32
ord120
ord160
ord158
ord17
ord125
ord171
ord19

kernel32

GetWindowsDirectoryW
GetCurrentProcess
SetFilePointer
ReadFile
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
GetConsoleWindow
FindNextFileW
GetFileAttributesW
SetFileAttributesW
SetLastError
CopyFileW
GetLogicalDriveStringsW
ExpandEnvironmentStringsW
WriteFile
SetFileTime
GetEnvironmentVariableW
GetModuleFileNameW
GetEnvironmentStringsW
lstrcpynW
MulDiv
GetModuleHandleW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
QueryDosDeviceW
VerifyVersionInfoW
VerSetConditionMask
lstrlenW
CompareStringW
Sleep
GetExitCodeThread
TerminateThread
CreateThread
DosDateTimeToFileTime
LocalFileTimeToFileTime
GetShortPathNameW
GetUserDefaultLCID
AttachConsole
FreeConsole
AllocConsole
DecodePointer
LocalFree
SetConsoleTitleW
GetComputerNameW
ExpandEnvironmentStringsA
LoadLibraryExA
SetEndOfFile
ReadConsoleW
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetTimeZoneInformation
GetFileType
ExitProcess
GetConsoleCP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
GetCPInfo
CompareStringEx
LCMapStringEx
GetLocaleInfoEx
GetModuleHandleExW
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetCurrentThread
GetModuleFileNameA
LoadLibraryA
GetCurrentProcessId
OutputDebugStringW
SetUnhandledExceptionFilter
DuplicateHandle
FlushFileBuffers
SetConsoleOutputCP
GetConsoleOutputCP
InitializeCriticalSection
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleTextAttribute
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetFullPathNameW
GetStringTypeW
VirtualQuery
VirtualProtect
GetSystemInfo
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
CreateProcessW
GetLocaleInfoW
FindFirstFileW
GetFileSize
CloseHandle
CreateFileW
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
GetFileSizeEx
EnumSystemLocalesW
IsValidLocale
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalLock
FreeLibrary
GetPrivateProfileSectionW
LoadLibraryW
LoadLibraryExW
GetSystemDirectoryW
GetProcAddress
MoveFileW
CreateDirectoryW
GetTempFileNameW
GetTempPathW
RemoveDirectoryW
FindClose
LCMapStringW
RaiseException
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
GetLastError
DeleteCriticalSection
GetExitCodeProcess
DeleteFileW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcmpiW

user32

CreateDialogParamW
UnregisterClassW
GetActiveWindow
SetWindowLongW
GetKeyState
RemovePropW
SetPropW
keybd_event
IsRectEmpty
DialogBoxIndirectParamW
MonitorFromWindow
ScrollWindowEx
SetScrollPos
GetScrollInfo
MessageBeep
SetScrollInfo
SetDlgItemTextW
GetPropW
PostQuitMessage
CharLowerW
LoadBitmapW
KillTimer
SetCursorPos
LoadStringW
MonitorFromPoint
GetWindowLongW
DefWindowProcW
CallWindowProcW
SendMessageW
GetWindowTextLengthW
ClientToScreen
GetWindowRect
PtInRect
SetTimer
CreateWindowExW
LoadIconW
MonitorFromRect
GetWindowPlacement
SetWindowPlacement
ModifyMenuW
GetSystemMenu
MoveWindow
GetComboBoxInfo
GetMessagePos
EnableWindow
GetDesktopWindow
SetCapture
ReleaseCapture
GetCapture
UpdateWindow
CharNextW
SetRectEmpty
GetClassNameW
DrawFocusRect
OffsetRect
SystemParametersInfoW
EndPaint
BeginPaint
SetRect
FillRect
DrawTextW
GetSysColor
DrawEdge
CreatePopupMenu
InsertMenuItemW
TrackMouseEvent
GetCursorPos
SetWindowPos
IsWindowEnabled
GetWindowDC
GetTopWindow
GetFocus
InvalidateRect
IsWindowVisible
EndDialog
GetWindow
InflateRect
GetMonitorInfoW
SetParent
ReleaseDC
GetClientRect
IsDialogMessageW
RegisterWindowMessageW
SetCursor
ShowWindow
LoadMenuW
GetSubMenu
LoadCursorW
GetClassInfoExW
RegisterClassExW
DialogBoxParamW
AppendMenuW
GetDlgCtrlID
MapWindowPoints
PostMessageW
TrackPopupMenu
EnableMenuItem
DestroyMenu
DestroyWindow
ScreenToClient
IsWindow
GetDlgItem
SetFocus
SetWindowTextW
GetWindowTextW
GetSystemMetrics
LoadImageW
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
RedrawWindow
GetDC
GetParent

gdi32

LineTo
MoveToEx
SetBkMode
GetStockObject
ExcludeClipRect
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetDeviceCaps
DeleteDC
GetObjectW
CreateFontIndirectW
CreatePen
CreateFontW
CreatePatternBrush
CreateBitmap
PatBlt
SetViewportOrgEx
SetTextColor

comdlg32

ReplaceTextW
FindTextW
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetUserNameW
IsTextUnicode
CryptDecrypt
CryptDestroyKey
CryptEncrypt
CryptDeriveKey
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW

shell32

ShellExecuteW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
ord155
SHGetFolderLocation
ExtractIconExW
SHGetFolderPathW
SHFileOperationW

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoSetProxyBlanket
CoTaskMemFree
CoInitializeSecurity
CoUninitialize
CoInitializeEx

oleaut32

VarUI4FromStr
SysStringLen
VariantChangeType
SafeArrayGetElement
SysAllocString
SysFreeString
SysAllocStringByteLen
SafeArrayPutElement
VariantClear
VariantCopy
SysStringByteLen
SafeArrayDestroy
SafeArrayCreate
VariantInit

zlibai

unzOpenW
unzLocateFile
unzOpenCurrentFile
unzReadCurrentFile
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGoToFirstFile
unzGoToNextFile
unzClose

shlwapi

PathAppendW
PathIsDirectoryW
PathIsUNCW

comctl32

CreatePropertySheetPageW
ImageList_Create
ImageList_AddMasked
ImageList_GetIcon
InitCommonControlsEx
PropertySheetW
ImageList_Destroy
DestroyPropertySheetPage
ImageList_ReplaceIcon

msimg32

GradientFill

dbghelp

SymGetLineFromAddr
SymSetSearchPath
SymCleanup
SymInitialize
SymSetOptions
StackWalk
SymGetModuleBase
SymFunctionTableAccess

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dbghelp.dll
.dll windows x86

fa6b094f828920cf8999743ff0004319

Code Sign

61:05:f7:1e:00:00:00:00:00:32
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

13/07/2009, 23:00

Not After

13/10/2010, 23:10

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa
Signer

Actual PE Digest

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_isatty
_write
_lseeki64
??3@YAXPAX@Z
_fileno
_read
__pioinfo
__badioinfo
ferror
wctomb
_snprintf
isleadbyte
mbtowc
_onexit
_lock
__dllonexit
_unlock
_ismbblead
_amsg_exit
_initterm
_XcptFilter
memmove
_iob
__mb_cur_max
strchr
_vsnwprintf
_errno
__CxxFrameHandler
iswspace
calloc
_itoa
_wcsdup
towlower
tolower
_wcslwr
time
_wctime
_ltoa
_strnicmp
_wcsnicmp
_purecall
ctime
malloc
strncmp
isspace
_stricmp
_strlwr
free
wcsrchr
strstr
memcpy
_wcsicmp
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
memset
??2@YAPAXI@Z
iswprint
fflush
fprintf
atol
fclose
__unDName
iswdigit
_CxxThrowException
bsearch
_wfsopen
fread
fseek
wcstol
_wfullpath
_wgetenv
_get_osfhandle
_chsize
_close
_open_osfhandle
ftell
_memicmp
_mbscmp
??1type_info@@UAE@XZ
_wsopen

kernel32

HeapFree
MapViewOfFileEx
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
GetFileType
DeviceIoControl
SetFileAttributesW
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
LocalFree
FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
GetThreadSelectorEntry
CreateThread
TerminateThread
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep
GetVersion
GetSystemInfo
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
ReadProcessMemory
GetProcessHeap
GetFileAttributesA
SetErrorMode
WriteFile
OutputDebugStringA
VirtualFree
OpenProcess
GetCurrentProcessId
GetModuleHandleA
CreateFileMappingA
MapViewOfFile
DuplicateHandle
VirtualAlloc
VirtualProtect
CreateDirectoryA
UnmapViewOfFile
GetCurrentProcess
SetFilePointer
IsDBCSLeadByte
HeapAlloc
HeapReAlloc
GetVersionExA
InitializeCriticalSection
FindClose
SetLastError
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetLastError
TlsSetValue
TlsGetValue
FreeLibrary
LoadLibraryA
TlsAlloc
TlsFree
DeleteCriticalSection
HeapDestroy
HeapCreate
FlushViewOfFile

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uires.dll
.dll windows x86

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:7d:59:66:04:91:55:be:bf:38:3f:fb:0b:e3:29:10
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

06/03/2020, 00:00

Not After

05/03/2023, 23:59

Subject

CN=Caphyon SRL,OU=SECURE APPLICATION DEVELOPMENT,O=Caphyon SRL,L=Craiova,ST=Dolj,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:ff:31:7c:3d:ea:68:65:31:61:ab:21:d5:2f:a9:ca:9e:c8:a6:d3:5c:26:f3:1b:6f:ce:24:c8:a4:87:06:f8
Signer

Actual PE Digest

bf:ff:31:7c:3d:ea:68:65:31:61:ab:21:d5:2f:a9:ca:9e:c8:a6:d3:5c:26:f3:1b:6f:ce:24:c8:a4:87:06:f8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13.0MB - Virtual size: 13.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
zlibai.dll
.dll windows x86

c81b5a8cb8b896cc145b9b5ea0168673

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetEnumResourceW
WNetGetUniversalNameW
WNetCloseEnum
WNetOpenEnumW

winmm

timeGetTime

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_AddMasked
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_DrawIndirect
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

ExtractIconW
SHGetMalloc
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHAppBarMessage
SHFileOperationW
ShellExecuteW
ShellExecuteExW

user32

CopyImage
MoveWindow
SetMenuItemInfoW
GetMenuItemInfoW
DefFrameProcW
SetCaretPos
GetCaretPos
ScrollWindowEx
GetDlgCtrlID
GetUpdateRgn
FrameRect
RegisterWindowMessageW
GetMenuStringW
FillRect
SendMessageA
IsClipboardFormatAvailable
EnumWindows
ShowOwnedPopups
GetClassInfoW
GetScrollRange
SetActiveWindow
GetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
EnumChildWindows
SendNotifyMessageW
GetScrollBarInfo
UnhookWindowsHookEx
SetCapture
GetCapture
ChildWindowFromPointEx
CreatePopupMenu
ShowCaret
GetMenuItemID
DestroyCaret
CharLowerBuffW
ChangeDisplaySettingsW
PostMessageW
SetWindowLongW
RegisterClassExW
DrawMenuBar
SetParent
IsZoomed
InvalidateRgn
SetSystemCursor
GetClientRect
IsChild
IntersectRect
IsIconic
CallNextHookEx
CloseDesktop
ShowWindow
SetForegroundWindow
GetWindowTextW
GetAsyncKeyState
GetWindowTextLengthW
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetFocus
GetDC
SetThreadDesktop
GetThreadDesktop
SetFocus
ReleaseDC
mouse_event
ExitWindowsEx
GetClassLongW
OpenDesktopA
DrawTextW
SetScrollRange
ChangeDisplaySettingsExA
PeekMessageA
TabbedTextOutW
MessageBeep
SetClassLongW
RemovePropW
GetSubMenu
OpenInputDesktop
EqualRect
DestroyIcon
IsWindowVisible
DispatchMessageA
PtInRect
UnregisterClassW
GetTopWindow
SendMessageW
GetTabbedTextExtentW
GetMessageTime
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetWindowRgn
GetMenuItemCount
GetSysColorBrush
GetWindowDC
DrawTextExW
CharLowerBuffA
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
DrawIconEx
keybd_event
GetClassNameW
GetMessagePos
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
SetCursorPos
GetCursorPos
SetMenu
GetMenuState
GetMenu
SetRect
GetKeyState
IsRectEmpty
ValidateRect
IsCharAlphaW
GetCursor
CopyRect
KillTimer
WaitMessage
TranslateMDISysAccel
GetWindowPlacement
GetClipboardFormatNameW
CreateIconIndirect
GetMenuItemRect
CreateWindowExW
EnumDisplaySettingsA
GetMessageW
GetDCEx
SetProcessWindowStation
PeekMessageW
MonitorFromWindow
GetUpdateRect
MessageBoxA
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
MapVirtualKeyW
OffsetRect
IsWindowUnicode
DispatchMessageW
CreateAcceleratorTableW
DefMDIChildProcW
GetSystemMenu
SetScrollPos
GetScrollPos
InflateRect
DrawFocusRect
ReleaseCapture
LoadCursorW
GetGUIThreadInfo
ScrollWindow
GetLastActivePopup
MessageBoxIndirectW
SetMenuInfo
GetMenuInfo
GetSystemMetrics
EnumDisplayDevicesA
CharUpperBuffW
ClientToScreen
SetClipboardData
GetClipboardData
SetWindowPlacement
GetMonitorInfoW
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
EnableWindow
ToAscii
GetWindowThreadProcessId
RedrawWindow
EndPaint
MsgWaitForMultipleObjectsEx
GetUserObjectInformationA
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetParent
CreateCaret
MonitorFromRect
InsertMenuItemW
GetPropW
MessageBoxW
SetPropW
EnumWindowStationsW
UpdateWindow
MsgWaitForMultipleObjects
VkKeyScanW
DestroyMenu
SetWindowsHookExW
CloseWindowStation
EmptyClipboard
GetDoubleClickTime
GetAncestor
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
OpenWindowStationA
SetKeyboardState
GetKeyboardState
DrawFrameControl
ScreenToClient
IsCharAlphaNumericW
WindowFromDC
SetCursor
CreateIcon
RemoveMenu
GetKeyboardLayoutNameW
OpenClipboard
TranslateMessage
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
PostMessageA
CharUpperBuffA
CopyIcon
PostQuitMessage
GetProcessWindowStation
ShowScrollBar
EnableMenuItem
LoadImageW
HideCaret
FindWindowExW
MonitorFromPoint
LoadIconW
SystemParametersInfoW
GetWindow
GetWindowLongW
GetWindowRect
ToUnicode
InsertMenuW
PostThreadMessageW
IsWindowEnabled
IsDialogMessageA
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SafeArrayPutElement
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SafeArrayCreate
VariantChangeTypeEx
SafeArrayGetElement
GetActiveObject
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
SafeArrayGetElemsize
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
VariantChangeType

netapi32

NetWkstaGetInfo

advapi32

RegSetValueExW
RegConnectRegistryW
RegCreateKeyA
GetUserNameA
GetUserNameW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegReplaceKeyW
RegCreateKeyExW
RegLoadKeyW
RegEnumKeyExW
AdjustTokenPrivileges
RegDeleteKeyW
LookupPrivilegeValueW
RegOpenKeyExA
RegOpenKeyExW
OpenProcessToken
RegDeleteValueW
RegFlushKey
RegQueryValueExA
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegRestoreKeyW

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

SetFileAttributesW
GetFileType
SetFileTime
QueryDosDeviceW
GetACP
GetStringTypeExW
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
TlsAlloc
ReadProcessMemory
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
HeapAlloc
ExitProcess
FindNextChangeNotification
GetCPInfoExW
GlobalSize
WriteProcessMemory
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
DosDateTimeToFileTime
GetUserDefaultLCID
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
MapViewOfFile
CreateMutexW
LoadLibraryA
GetVolumeInformationW
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FindFirstChangeNotificationW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
GetStringTypeW
GetCurrentThread
GetLogicalDrives
LocalFileTimeToFileTime
GetFileAttributesExW
IsBadReadPtr
LockResource
LoadLibraryExW
TerminateProcess
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
GlobalFindAtomW
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
ReleaseMutex
GetStringTypeExA
LoadResource
SuspendThread
GetTickCount
WaitForMultipleObjects
GetTempFileNameW
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
GlobalLock
SetThreadPriority
VirtualAlloc
GetTempPathW
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
VirtualAllocEx
GetLogicalDriveStringsW
WinExec
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
TlsFree
GetConsoleOutputCP
UnmapViewOfFile
GetConsoleCP
GlobalHandle
lstrlenW
CompareStringA
SetEndOfFile
QueryPerformanceCounter
lstrcmpW
InitializeCriticalSectionAndSpinCount
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
EnumResourceNamesW
DeleteFileW
IsDBCSLeadByteEx
FindCloseChangeNotification
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
OpenThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
SleepEx
TlsSetValue
VirtualFreeEx
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

wsock32

htons
connect
WSAStartup
inet_addr
send
closesocket
socket

ole32

CoRevokeClassObject
OleRegEnumVerbs
IsAccelerator
CreateBindCtx
CoRegisterClassObject
MkParseDisplayName
CoCreateGuid
CoCreateInstance
CLSIDFromString
CoUninitialize
IsEqualGUID
ProgIDFromCLSID
CreateStreamOnHGlobal
OleInitialize
CLSIDFromProgID
OleUninitialize
CoGetClassObject
CoInitialize
CoTaskMemFree
OleDraw
CoTaskMemAlloc
StringFromCLSID
OleSetMenuDescriptor

gdi32

AddFontMemResourceEx
Pie
SetBkMode
GetTextCharsetInfo
GetRandomRgn
CreateCompatibleBitmap
BeginPath
GetEnhMetaFileHeader
CloseEnhMetaFile
RectVisible
AngleArc
ResizePalette
SetAbortProc
SetTextColor
GetTextColor
StretchBlt
PathToRegion
GetCharABCWidthsFloatW
GetGlyphIndicesW
ExtSelectClipRgn
ExtEscape
RoundRect
SelectClipRgn
RectInRegion
RestoreDC
FillPath
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
GetTextCharset
CreateDCW
CreateICW
CreatePen
FillRgn
PolyBezierTo
GetStockObject
CreateSolidBrush
GetFontUnicodeRanges
GetBkMode
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
ModifyWorldTransform
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetEnhMetaFileBits
GetSystemPaletteEntries
CreatePenIndirect
SetBitmapBits
GetEnhMetaFilePaletteEntries
SetMapMode
CreateFontIndirectW
PolyBezier
ExtCreatePen
GetBitmapDimensionEx
DPtoLP
LPtoDP
GetNearestColor
EndDoc
GetObjectW
GetCurrentObject
GetFontData
GetWinMetaFileBits
SetROP2
GetTextExtentExPointW
GetROP2
GetOutlineTextMetricsW
PtVisible
GetEnhMetaFileDescriptionW
ArcTo
CreateEnhMetaFileW
Arc
CreateRectRgnIndirect
TextOutW
SelectPalette
SetGraphicsMode
ExcludeClipRect
SetTextJustification
SetWindowOrgEx
MaskBlt
GetCharacterPlacementW
CreatePatternBrush
EndPage
EndPath
EqualRgn
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
GetViewportOrgEx
CreateRectRgn
RealizePalette
GetObjectType
GetDIBColorTable
SetDIBColorTable
GetGlyphOutlineW
OffsetClipRgn
GetTextMetricsA
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
CreateDCA
CreateEllipticRgn
PlgBlt
Rectangle
DeleteDC
SaveDC
GetWorldTransform
BitBlt
FrameRgn
SetWorldTransform
GetDeviceCaps
GetTextExtentPoint32W
PtInRegion
GetClipBox
GetClipRgn
Polyline
IntersectClipRect
CombineTransform
CreateBitmap
CombineRgn
SetWinMetaFileBits
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
GetDIBits
SetStretchBltMode
CreateFontIndirectA
LineTo
GetRgnBox
EnumFontFamiliesW
EnumFontsW
SetWindowExtEx
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
OffsetRgn
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetNearestPaletteIndex
SetTextAlign
GetTextAlign
RemoveFontMemResourceEx
CreateRoundRectRgn
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
GetTextFaceW
SetViewportExtEx
SetPixel
PolyPolyline
EnumFontFamiliesExW
StretchDIBits
WidenPath
GetPaletteEntries

magnification

MagSetWindowSource
MagInitialize
MagSetWindowTransform
MagSetImageScalingCallback
MagSetWindowFilterList

ntdll

NtQuerySystemInformation
RtlNtStatusToDosError
NtQueryInformationThread
NtOpenThread
NtOpenProcess

Exports

Exports

OQOJDohfqfhfgfqgfqgqffqqffqqfqf
OQOJDowgqffqqffqqfqf
TMethodImplementationIntercept
__dbk_fcall_wrapper
adler32
adler32_combine
adler32_combine64
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
dbkFCallWrapperAddr
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
fill_fopen_filefunc
get_crc_table
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpenCurrentFile
unzOpenW
unzReadCurrentFile
wwgwggwwggwgw
zError
zipClose
zipCloseFileInZip
zipOpen
zipOpen2
zipOpenNewFileInZip
zipWriteInFileInZip
zlibCompileFlags
zlibVersion

Sections

.text
Size: 10.6MB - Virtual size: 10.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 812KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 896KB - Virtual size: 895KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b0a4fc66d1698d6ff51fc282ee85479

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

79:7d:59:66:04:91:55:be:bf:38:3f:fb:0b:e3:29:10Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

52:eb:6c:9a:38:04:4b:87:d0:5d:e5:3e:14:aa:31:b4:b1:c7:9f:f8:c6:ff:73:0a:81:70:52:53:39:c0:06:ceSigner

Headers

DLL Characteristics

File Characteristics

Imports

psapi

version

mpr

msi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

zlibai

shlwapi

comctl32

msimg32

dbghelp

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 327KB - Virtual size: 326KB

.data Size: 20KB - Virtual size: 28KB

.rsrc Size: 449KB - Virtual size: 449KB

.reloc Size: 85KB - Virtual size: 84KB

fa6b094f828920cf8999743ff0004319

Code Sign

61:05:f7:1e:00:00:00:00:00:32Certificate

Extended Key Usages

Key Usages

61:03:dc:f6:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:15:08:27:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aaSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 18KB - Virtual size: 112KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 60KB - Virtual size: 59KB

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

79:7d:59:66:04:91:55:be:bf:38:3f:fb:0b:e3:29:10
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

52:eb:6c:9a:38:04:4b:87:d0:5d:e5:3e:14:aa:31:b4:b1:c7:9f:f8:c6:ff:73:0a:81:70:52:53:39:c0:06:ce
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 327KB - Virtual size: 326KB

.data
Size: 20KB - Virtual size: 28KB

.rsrc
Size: 449KB - Virtual size: 449KB

.reloc
Size: 85KB - Virtual size: 84KB

61:05:f7:1e:00:00:00:00:00:32
Certificate

61:03:dc:f6:00:00:00:00:00:0c
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:15:08:27:00:00:00:00:00:0c
Certificate

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 18KB - Virtual size: 112KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 60KB - Virtual size: 59KB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

79:7d:59:66:04:91:55:be:bf:38:3f:fb:0b:e3:29:10
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

bf:ff:31:7c:3d:ea:68:65:31:61:ab:21:d5:2f:a9:ca:9e:c8:a6:d3:5c:26:f3:1b:6f:ce:24:c8:a4:87:06:f8
Signer

.rdata
Size: 512B - Virtual size: 332B

.rsrc
Size: 13.0MB - Virtual size: 13.0MB

.text
Size: 10.6MB - Virtual size: 10.6MB

.itext
Size: 31KB - Virtual size: 31KB

.data
Size: 108KB - Virtual size: 107KB

.bss
Size: - Virtual size: 812KB

.idata
Size: 20KB - Virtual size: 19KB

.didata
Size: 4KB - Virtual size: 4KB

.edata
Size: 2KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 896KB - Virtual size: 895KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB