TreeSizeFree[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

TreeSizeFree.exe
Size

40.7MB
MD5

6ab6eed3f09e0ba6e11ec49ae93029b0
SHA1

e8bb5f27fb84c0b98f2634937b2e1ba247bac451
SHA256

ac2a94a57b9012bdce091a39473580e2cacaeaf44588631495a0b62be11044a6
SHA512

fb5c61c9e367e6244acec1bf2dce13f4527fab32eb6a4aaf330adbc2b222bba35927b297d24be1076c6ae47dd806be4e6a6eda8ca4409ff8be4c32e9becddf6f
SSDEEP

196608:ApXAEm6L69ZW9Xdp6jGdRsZkPc/rprRK5igL4xB8gqUkGNgFl2wFEbbcfy:Ape6L69cQG/U/rK5fQn5Wg

Score

1^/10

Malware Config

Signatures

Files

TreeSizeFree.exe
.exe windows x64

d442d3de1dfdd1b88b0e1fd99e38ddcc

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:37:a5:59:8a:bd:fe:99:d2:4f:c0:56
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

17/01/2022, 15:38

Not After

28/02/2025, 16:49

Subject

SERIALNUMBER=HRB 4920,CN=JAM Software GmbH,O=JAM Software GmbH,STREET=Am Wissenschaftspark 26,L=Trier,ST=Rheinland-Pfalz,C=DE,1.3.6.1.4.1.311.60.2.1.1=#1308576974746c696368,1.3.6.1.4.1.311.60.2.1.2=#130f526865696e6c616e642d5066616c7a,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:3d:96:1f:54:e9:fe:35:85:63:ea:80:27:35:27:a2:5c:7e:e3:84:8a:87:ea:c7:cb:c5:8a:09:f8:e4:71:47
Signer

Actual PE Digest

45:3d:96:1f:54:e9:fe:35:85:63:ea:80:27:35:27:a2:5c:7e:e3:84:8a:87:ea:c7:cb:c5:8a:09:f8:e4:71:47

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

virtdisk

GetVirtualDiskPhysicalPath
AttachVirtualDisk
OpenVirtualDisk

shlwapi

PathCanonicalizeW
StrCmpLogicalW
StrFormatByteSizeW
SHGetViewStatePropertyBag
PathMatchSpecW
StrRetToStrW
StrFormatKBSizeW
PathCombineW
PathIsDirectoryW
SHStrDupW

version

GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA

user32

CopyImage
MoveWindow
SetMenuItemInfoW
GetMenuItemInfoW
DefFrameProcW
DrawTextA
GetDlgCtrlID
FrameRect
RegisterWindowMessageW
GetMenuStringW
FillRect
UnregisterClassA
SendMessageA
IsClipboardFormatAvailable
EnumWindows
ShowOwnedPopups
GetClassInfoExW
GetClassInfoW
GetScrollRange
SetActiveWindow
GetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
GetWindowLongPtrA
SetWindowLongPtrA
EnumChildWindows
SendMessageTimeoutA
GetScrollBarInfo
UnhookWindowsHookEx
SetCapture
GetCapture
CreatePopupMenu
ShowCaret
GetMenuItemID
CharLowerBuffW
PostMessageW
DrawMenuBar
IsZoomed
SetParent
GetClientRect
IsChild
LoadImageA
IsIconic
CallNextHookEx
ShowWindow
SetForegroundWindow
GetWindowTextW
GetAsyncKeyState
PostThreadMessageA
DestroyWindow
IsDialogMessageW
RegisterClassW
EndMenu
CharNextW
GetFocus
GetDC
SetFocus
ReleaseDC
CreateWindowExA
GetMessageA
DrawTextW
SetScrollRange
PeekMessageA
MessageBeep
LockWindowUpdate
RemovePropW
AttachThreadInput
GetSubMenu
DestroyIcon
IsWindowVisible
DispatchMessageA
PtInRect
UnregisterClassW
GetTopWindow
SendMessageW
NotifyWinEvent
GetComboBoxInfo
GetWindowLongPtrW
SetWindowLongPtrW
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetWindowRgn
GetMenuItemCount
GetSysColorBrush
GetWindowDC
DrawTextExW
EnumClipboardFormats
ScrollDC
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
GetSysColor
EnableScrollBar
TrackPopupMenu
DrawIconEx
GetClassNameW
GetMessagePos
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
SetCursorPos
GetCursorPos
SetMenu
GetMenuState
GetMenu
SetRect
GetKeyState
IsRectEmpty
ValidateRect
IsCharAlphaW
GetCursor
GetWindowTextA
KillTimer
BeginDeferWindowPos
WaitMessage
RegisterClassA
TranslateMDISysAccel
GetWindowPlacement
GetClipboardFormatNameW
CreateIconIndirect
GetMenuItemRect
CreateWindowExW
ChildWindowFromPoint
GetMessageW
GetDCEx
PeekMessageW
MonitorFromWindow
GetUpdateRect
MessageBoxA
SetTimer
SwitchToThisWindow
WindowFromPoint
BeginPaint
DrawStateW
RegisterClipboardFormatW
MapVirtualKeyW
OffsetRect
IsWindowUnicode
DispatchMessageW
DefMDIChildProcW
GetSystemMenu
SetScrollPos
GetScrollPos
InflateRect
DrawFocusRect
ReleaseCapture
LoadCursorW
ScrollWindow
GetLastActivePopup
GetCursorInfo
CallWindowProcA
GetSystemMetrics
SetWindowTextA
CharUpperBuffW
GetClassNameA
SetClassLongPtrW
GetClassLongPtrW
ClientToScreen
SetClipboardData
GetClipboardData
SetWindowPlacement
GetMonitorInfoW
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
ToAscii
EnableWindow
GetWindowThreadProcessId
RedrawWindow
EndPaint
MsgWaitForMultipleObjectsEx
FindWindowA
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetParent
MonitorFromRect
InsertMenuItemW
GetPropW
MessageBoxW
SetPropW
UpdateWindow
MsgWaitForMultipleObjects
DestroyMenu
OemToCharA
SetWindowsHookExW
EmptyClipboard
GetAncestor
GetDlgItem
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
SetKeyboardState
GetKeyboardState
OemToCharBuffW
DrawFrameControl
ScreenToClient
IsCharAlphaNumericW
WindowFromDC
BringWindowToTop
SetCursor
CreateIcon
RemoveMenu
SubtractRect
GetKeyboardLayoutNameW
OpenClipboard
TranslateMessage
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
PostMessageA
PostQuitMessage
ShowScrollBar
LoadImageW
EnableMenuItem
DeferWindowPos
HideCaret
EndDeferWindowPos
FindWindowExW
MonitorFromPoint
LoadIconW
SystemParametersInfoW
GetWindow
DefWindowProcA
GetWindowRect
InsertMenuW
PostThreadMessageW
IsWindowEnabled
IsDialogMessageA
GetMenuDefaultItem
CharNextA
FindWindowW
DeleteMenu
GetKeyboardLayout

oleaut32

VarR8FromDec
SafeArrayPutElement
VarR4FromDec
VariantClear
SysReAllocStringLen
CreateErrorInfo
GetActiveObject
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopy
SafeArrayCopy
SafeArrayDestroy
SafeArrayAccessData
SysFreeString
VariantInit
GetErrorInfo
SetErrorInfo
SafeArrayCreate
SafeArrayGetElement
SafeArrayUnaccessData
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayCreateVector
VariantChangeType
VariantCopyInd

advapi32

RegEnumKeyA
GetAce
EqualSid
GetLengthSid
OpenEventLogW
GetTokenInformation
MakeSelfRelativeSD
LookupAccountSidW
LsaNtStatusToWinError
RegCreateKeyExW
RegCreateKeyExA
SetSecurityDescriptorDacl
SetEntriesInAclW
SetFileSecurityW
RegEnumKeyExW
GetOldestEventLogRecord
AdjustTokenPrivileges
SetSecurityDescriptorGroup
GetSecurityDescriptorGroup
LookupPrivilegeValueW
RegOpenKeyExA
RegOpenKeyExW
AllocateAndInitializeSid
RegDeleteValueW
RegDeleteValueA
ImpersonateLoggedOnUser
RegFlushKey
RegEnumValueW
RegQueryValueExW
RegQueryValueExA
InitializeSecurityDescriptor
RegSetValueExA
RegSetValueExW
RegConnectRegistryW
ConvertStringSidToSidW
LookupAccountNameW
GetUserNameA
GetUserNameW
CloseEventLog
DeregisterEventSource
RegQueryInfoKeyW
RegQueryInfoKeyA
GetNumberOfEventLogRecords
RegisterEventSourceW
CheckTokenMembership
AddAccessAllowedAce
InitializeAcl
AddAccessDeniedAce
CopySid
RegDeleteKeyW
OpenProcessToken
GetAclInformation
FreeSid
ReportEventW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
ConvertSidToStringSidW
SetSecurityDescriptorOwner
GetSecurityDescriptorOwner
RegCloseKey
LogonUserW

msvcrt

abs
isupper
isalpha
isalnum
toupper
memchr
memcmp
memcpy
memset
sprintf
isprint
isspace
iscntrl
isxdigit
ispunct
isgraph
tolower
islower

netapi32

NetUserGetInfo

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

SetFileTime
GetFileType
GetFileTime
GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
GetCurrentProcessId
Beep
TerminateThread
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
GlobalSize
GetCPInfoExW
GetSystemTime
CreateHardLinkW
SetUnhandledExceptionFilter
GetTempPathA
EnumSystemLocalesW
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetVersionExA
FreeLibrary
HeapDestroy
DosDateTimeToFileTime
GetDiskFreeSpaceA
FindFirstFileA
SetLastError
GetModuleFileNameW
GetLastError
GlobalAlloc
GlobalUnlock
CompareStringW
CreateThread
CreateMutexW
LoadLibraryA
ResetEvent
GetVolumeInformationW
RaiseException
FormatMessageW
WriteConsoleW
GetCurrentThread
CreateFileMappingA
IsBadReadPtr
BackupSeek
ExpandEnvironmentStringsW
GetComputerNameA
LoadLibraryExW
FileTimeToSystemTime
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
Sleep
SetFilePointer
LoadResource
SuspendThread
GetTickCount
OpenFileMappingA
FindNextFileA
GetFileSize
GetStartupInfoW
GetFileAttributesW
LocalSize
GetThreadPriority
SetThreadPriority
VirtualAlloc
AttachConsole
GetSystemInfo
GetTempPathW
LeaveCriticalSection
GetLogicalDriveStringsW
GetModuleHandleA
HeapCreate
VerSetConditionMask
GetDiskFreeSpaceW
GetUserDefaultUILanguage
GetConsoleOutputCP
GetModuleFileNameA
CopyFileA
GetCompressedFileSizeW
HeapFree
WideCharToMultiByte
MultiByteToWideChar
FindClose
LoadLibraryW
SetEvent
GetLocaleInfoW
BackupWrite
FormatMessageA
GetLocalTime
WaitForSingleObject
DeleteCriticalSection
SetErrorMode
TzSpecificLocalTimeToSystemTime
GetComputerNameW
IsValidLocale
LoadLibraryExA
FindNextVolumeW
LocalAlloc
WaitForMultipleObjectsEx
GetVolumePathNameW
SetFileAttributesW
CreateDirectoryExW
RtlUnwindEx
QueryDosDeviceW
VirtualProtect
ReadProcessMemory
OpenFileMappingW
lstrcmpiW
QueryPerformanceFrequency
VirtualFree
GetThreadContext
FlushInstructionCache
ExitProcess
HeapAlloc
GetFileAttributesA
GetCurrentDirectoryA
GetLongPathNameW
RtlUnwind
GetCPInfo
GetCommandLineA
GetStdHandle
GetModuleHandleW
GetWindowsDirectoryA
CompareFileTime
FileTimeToDosDateTime
ReadFile
LCMapStringA
AcquireSRWLockShared
CreateProcessW
FindResourceW
lstrlenA
CopyFileW
lstrcmpA
MapViewOfFile
MulDiv
CreateFileA
GetLocaleInfoA
GetVersion
GetDriveTypeW
GetComputerNameExW
FreeResource
DeleteFileA
MoveFileW
GlobalAddAtomW
GetSystemTimeAsFileTime
OpenProcess
SwitchToThread
FindVolumeClose
GetExitCodeThread
BackupRead
OutputDebugStringW
LocalFileTimeToFileTime
GetFileAttributesExW
SetNamedPipeHandleState
GlobalMemoryStatusEx
CreateDirectoryA
TerminateProcess
LockResource
FindFirstVolumeW
GetPriorityClass
CancelIo
RemoveDirectoryA
GetCurrentThreadId
UnhandledExceptionFilter
MoveFileExW
CreateEventA
GlobalFree
SetFileAttributesA
SetVolumeLabelW
EnterCriticalSection
ReleaseMutex
AcquireSRWLockExclusive
GetTempFileNameW
GlobalDeleteAtom
SetCurrentDirectoryW
GetCurrentDirectoryW
InitializeCriticalSection
GlobalLock
GetCurrentProcess
GetCommandLineW
DuplicateHandle
ResumeThread
GetProcAddress
GetVersionExW
VerifyVersionInfoW
GetWindowsDirectoryW
DeviceIoControl
LCMapStringW
FindFirstFileW
CreateProcessA
UnmapViewOfFile
GetConsoleCP
GlobalHandle
FindResourceA
lstrlenW
SetEndOfFile
QueryPerformanceCounter
GetVolumeNameForVolumeMountPointW
lstrcmpW
lstrcpyW
GetCalendarInfoW
CreateMutexA
SystemTimeToFileTime
CreateFileW
EnumResourceNamesW
GetSystemDirectoryW
DeleteFileW
IsDBCSLeadByteEx
ReleaseSRWLockShared
GetEnvironmentVariableW
GetFileInformationByHandle
WriteFile
GetOEMCP
CreateFileMappingW
ExitThread
CreatePipe
TlsGetValue
GetDateFormatW
ExpandEnvironmentStringsA
TlsSetValue
GetSystemDefaultUILanguage
CreateDirectoryW
EnumCalendarInfoW
GetConsoleMode
GetProfileStringW
GetProcessId
RemoveDirectoryW
GlobalMemoryStatus
CreateEventW
ReleaseSRWLockExclusive
SetThreadLocale
GetThreadLocale

wintrust

WinVerifyTrust

bcrypt

BCryptCreateHash
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptHashData
BCryptFinishHash

shfolder

SHGetFolderPathW

wsock32

htons
setsockopt
select
WSAStartup
WSACleanup
gethostbyname
bind
closesocket
socket
recv
ioctlsocket
WSAGetLastError
connect
inet_addr
recvfrom
sendto
send

crypt32

CertCreateCertificateContext
CertAddCertificateContextToStore
CertFreeCertificateContext
CertOpenStore
CertCloseStore

gdi32

EnumEnhMetaFile
Pie
SetBkMode
TextOutA
GetRandomRgn
CreateCompatibleBitmap
BeginPath
GetEnhMetaFileHeader
CloseEnhMetaFile
RectVisible
AngleArc
ResizePalette
SetAbortProc
SetTextColor
GetTextColor
StretchBlt
CreateFontA
RoundRect
SelectClipRgn
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
CreateDCW
CreateICW
CreatePen
PolyBezierTo
GetStockObject
CreateSolidBrush
GetBkMode
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
GetTextExtentPoint32A
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
CreatePenIndirect
GetEnhMetaFilePaletteEntries
SetMapMode
GetMapMode
CreateFontIndirectW
PolyBezier
LPtoDP
EndDoc
GetObjectW
GetFontData
GetCurrentObject
GetWinMetaFileBits
SetROP2
GetOutlineTextMetricsW
GetEnhMetaFileDescriptionW
ArcTo
GetTextFaceA
CreateEnhMetaFileW
Arc
CreateRectRgnIndirect
TextOutW
SelectPalette
SetGraphicsMode
ExcludeClipRect
SetWindowOrgEx
MaskBlt
CreatePatternBrush
EndPage
EndPath
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
GetViewportOrgEx
CreateRectRgn
RealizePalette
CreateFontW
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SelectClipPath
SetEnhMetaFileBits
GetCharABCWidthsA
Rectangle
DeleteDC
SaveDC
BitBlt
SetWorldTransform
FrameRgn
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
GetClipRgn
Polyline
StartDocA
IntersectClipRect
CreateBitmap
CombineRgn
SetWinMetaFileBits
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
SetStretchBltMode
GetDIBits
ExtCreateRegion
LineTo
GetRgnBox
EnumFontsW
SetWindowExtEx
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
OffsetRgn
SetBkColor
GetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
SetDCPenColor
GetNearestPaletteIndex
SetTextAlign
GetTextAlign
CreateRoundRectRgn
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetViewportExtEx
SetPixel
EnumFontFamiliesExW
GetPolyFillMode
StretchDIBits
GetPaletteEntries

usp10

ScriptGetProperties
ScriptItemize
ScriptShape
ScriptLayout
ScriptApplyDigitSubstitution

mpr

WNetGetLastErrorW
WNetEnumResourceW
WNetGetUniversalNameW
WNetCloseEnum
WNetAddConnection2W
WNetCancelConnection2W
WNetOpenEnumW

winmm

sndPlaySoundW
timeGetTime

oleacc

LresultFromObject
AccessibleChildren
AccessibleObjectFromWindow

wininet

InternetCloseHandle
InternetGetLastResponseInfoW
InternetConnectW
InternetSetOptionW
InternetCrackUrlW
InternetReadFile
InternetErrorDlg
HttpOpenRequestW
InternetOpenUrlW
InternetOpenW
HttpSendRequestW
HttpQueryInfoW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comdlg32

FindTextW
ChooseColorW
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
PrintDlgW

comctl32

FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
ImageList_GetDragImage
FlatSB_SetScrollProp
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
FlatSB_GetScrollInfo
ImageList_Write
ImageList_DrawIndirect
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_Draw
ImageList_Remove

shell32

SHBrowseForFolderW
SHBindToParent
PathMakeUniqueName
SHCreateShellItem
ILFindLastID
SHGetFileInfoW
ILCreateFromPathW
SHGetDesktopFolder
ILRemoveLastID
SHChangeNotify
SHChangeNotification_Unlock
ShellExecuteW
ShellExecuteA
SHMultiFileProperties
DragQueryFileW
SHCreateShellFolderView
SHGetSpecialFolderLocation
Shell_NotifyIconW
ILCombine
SHGetPathFromIDListA
SHGetDataFromIDListW
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteExA
ILGetNext
SHChangeNotifyDeregister
SHGetMalloc
ILFindChild
SHChangeNotifyRegister
ILFree
ILClone
IsUserAnAdmin
SHAppBarMessage
SHAddToRecentDocs

urlmon

URLDownloadToFileW

imagehlp

ImageEnumerateCertificates
ImageGetCertificateData
ImageGetCertificateHeader

ole32

RevokeDragDrop
CreateDataAdviseHolder
CreateBindCtx
CoCreateInstance
CoUninitialize
CLSIDFromString
OleGetClipboard
ReleaseStgMedium
OleSetClipboard
RegisterDragDrop
IsEqualGUID
StgOpenStorage
ProgIDFromCLSID
CreateStreamOnHGlobal
OleInitialize
CoInitializeEx
OleUninitialize
CoInitialize
CoDisconnectObject
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
DoDragDrop

ntdll

NtQueryInformationFile
NtQueryDirectoryFile

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 27.7MB - Virtual size: 27.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 2.0MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.9MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d442d3de1dfdd1b88b0e1fd99e38ddcc

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

74:37:a5:59:8a:bd:fe:99:d2:4f:c0:56Certificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

45:3d:96:1f:54:e9:fe:35:85:63:ea:80:27:35:27:a2:5c:7e:e3:84:8a:87:ea:c7:cb:c5:8a:09:f8:e4:71:47Signer

Headers

DLL Characteristics

File Characteristics

Imports

virtdisk

shlwapi

version

user32

oleaut32

advapi32

msvcrt

netapi32

winhttp

kernel32

wintrust

bcrypt

shfolder

wsock32

crypt32

gdi32

usp10

mpr

winmm

oleacc

wininet

winspool.drv

comdlg32

comctl32

shell32

urlmon

imagehlp

ole32

ntdll

Exports

Exports

Sections

.text Size: 27.7MB - Virtual size: 27.7MB

.data Size: 2.3MB - Virtual size: 2.3MB

.bss Size: - Virtual size: 2.0MB

.idata Size: 32KB - Virtual size: 32KB

.didata Size: 11KB - Virtual size: 11KB

.edata Size: 512B - Virtual size: 158B

.tls Size: - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 109B

.reloc Size: 1.5MB - Virtual size: 1.5MB

.pdata Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 7.9MB - Virtual size: 7.9MB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

74:37:a5:59:8a:bd:fe:99:d2:4f:c0:56
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

45:3d:96:1f:54:e9:fe:35:85:63:ea:80:27:35:27:a2:5c:7e:e3:84:8a:87:ea:c7:cb:c5:8a:09:f8:e4:71:47
Signer

.text
Size: 27.7MB - Virtual size: 27.7MB

.data
Size: 2.3MB - Virtual size: 2.3MB

.bss
Size: - Virtual size: 2.0MB

.idata
Size: 32KB - Virtual size: 32KB

.didata
Size: 11KB - Virtual size: 11KB

.edata
Size: 512B - Virtual size: 158B

.tls
Size: - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 109B

.reloc
Size: 1.5MB - Virtual size: 1.5MB

.pdata
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 7.9MB - Virtual size: 7.9MB